CVE-2012-5558

Name of the Vulnerable Software and Affected Versions: Smiley module versions prior to 6.x-1.1 Smileys module versions prior to 6.x-1.1

Description: A cross-site scripting (XSS) issue allows remote authenticated users with the administer smiley permission to inject arbitrary web script or HTML via a smiley acronym.

Recommendations: For Smiley module versions prior to 6.x-1.1, update to version 6.x-1.1 or later. For Smileys module versions prior to 6.x-1.1, update to version 6.x-1.1 or later. As a temporary workaround, consider restricting the administer smiley permission to minimize the risk of exploitation.