CVE-2012-4492

Name of the Vulnerable Software and Affected Versions Drupal Shorten URLs module versions 6.x-1.x before 6.x-1.13 Drupal Shorten URLs module versions 7.x-1.x before 7.x-1.2

Description The issue allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the report or Custom Services List page. This is due to multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module for Drupal.

Recommendations For Drupal Shorten URLs module version 6.x-1.x, update to version 6.x-1.13 or later. For Drupal Shorten URLs module version 7.x-1.x, update to version 7.x-1.2 or later.