CVE-2012-2298 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) \user names in page titles\ and (2) \autocomplete callbacks.\

Reference

http://drupal.org/node/1547352 http://drupal.org/node/1547660 http://drupalcode.org/project/realname.git/commitdiff/41786d0 http://drupalcode.org/project/realname.git/commitdiff/b920794 http://secunia.com/advisories/48936 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53250 https://exchange.xforce.ibmcloud.com/vulnerabilities/75181