CVE-2012-2703

Name of the Vulnerable Software and Affected Versions Drupal Advertisement module versions 6.x-2.x before 6.x-2.3

Description A cross-site scripting (XSS) issue exists in the Advertisement module for Drupal. This occurs when debug mode is enabled, allowing remote attackers to inject arbitrary web script or HTML via vectors related to the $conf variable in settings.php.

Recommendations For versions prior to 6.x-2.3, update to version 6.x-2.3 or later to resolve the issue. As a temporary workaround, consider disabling debug mode until the update is applied. Restrict access to the Advertisement module to minimize the risk of exploitation. Avoid using the $conf variable in settings.php in a way that could expose it to unauthorized input until the issue is resolved.