VYPR
Unrated severityNVD Advisory· Published Oct 31, 2012· Updated Jun 16, 2026

CVE-2012-4485

CVE-2012-4485

Description

Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:manuel_garcia:galleryformatter:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:manuel_garcia:galleryformatter:*:*:*:*:*:*:*:*range: <=7.x-1.1
    • cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.x:dev:*:*:*:*:*:*
    • cpe:2.3:a:manuel_garcia:galleryformatter:7.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:manuel_garcia:galleryformatter:7.x-1.x:dev:*:*:*:*:*:*
  • Range: <7.x-1.2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.