CVE-2012-2068

Name of the Vulnerable Software and Affected Versions Fancy Slide module versions prior to 6.x-2.7

Description The issue allows remote authenticated users with the administer fancy slide permission to inject arbitrary web script or HTML. This can be achieved via the node title or nodequeue title parameters.

Recommendations For versions prior to 6.x-2.7, update to version 6.x-2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the administer fancy slide permission to minimize the risk of exploitation. Avoid using the node title and nodequeue title parameters in the affected module until the issue is resolved.