VYPR
Unrated severityNVD Advisory· Published Jun 27, 2012· Updated Jun 16, 2026

CVE-2012-2710

CVE-2012-2710

Description

Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • John Albin/Zen5 versions
    cpe:2.3:a:john_albin:zen:6.x-1.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:john_albin:zen:6.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:john_albin:zen:6.x-1.0beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:john_albin:zen:6.x-1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:john_albin:zen:6.x-1.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:john_albin:zen:6.x-1.x:dev:*:*:*:*:*:*
  • Drupal/Zenllm-fuzzy
    Range: >=6.x-1.0, <6.x-1.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.