Unrated severityNVD Advisory· Published Oct 31, 2012· Updated Jun 16, 2026
CVE-2012-4485
CVE-2012-4485
Description
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:manuel_garcia:galleryformatter:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:manuel_garcia:galleryformatter:*:*:*:*:*:*:*:*range: <=7.x-1.1
- cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:manuel_garcia:galleryformatter:6.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:manuel_garcia:galleryformatter:7.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:manuel_garcia:galleryformatter:7.x-1.x:dev:*:*:*:*:*:*
- Range: <7.x-1.2
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.