CVE-2012-5553 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the \administer OM Maximenu\ permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title (3) Path Query (4) Anchor or (5) vocabulary names.

Reference

http://drupal.org/node/1834046 http://drupal.org/node/1834048 http://drupal.org/node/1834866 http://www.madirish.net/551 http://www.openwall.com/lists/oss-security/2012/11/20/4