CVE-2012-6583

Name of the Vulnerable Software and Affected Versions Imagemenu module versions prior to 6.x-1.4

Description The issue allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name, which is a cross-site scripting (XSS) vulnerability.

Recommendations For versions prior to 6.x-1.4, update to version 6.x-1.4 or later to resolve the issue.