CVE-2012-2907

Name of the Vulnerable Software and Affected Versions Aberdeen theme versions 6.x-1.x before 6.x-1.11

Description The issue is related to a cross-site scripting (XSS) vulnerability in the aberdeen breadcrumb function. This function is located in template.php in the Aberdeen theme for Drupal. When the theme is set to append the content title to the breadcrumb, remote attackers can inject arbitrary web script or HTML via the content title in a breadcrumb.

Recommendations For Aberdeen theme versions 6.x-1.x before 6.x-1.11, update to version 6.x-1.11 or later to resolve the issue. As a temporary workaround, consider disabling the appending of content titles to breadcrumbs until a patch is available. Restrict access to the aberdeen breadcrumb function in template.php to minimize the risk of exploitation.