Vulnerability Details CVE-2012-4490
Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Users module 6.x-1.x before 6.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) user name or (2) email address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://drupal.org/node/1702984
- http://drupal.org/node/1708058
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://www.securityfocus.com/bid/54766
- http://drupal.org/node/1702984
- http://drupal.org/node/1708058
- http://www.openwall.com/lists/oss-security/2012/10/04/6
- http://www.openwall.com/lists/oss-security/2012/10/07/1
- http://www.securityfocus.com/bid/54766
Products affected by CVE-2012-4490
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:ricky_morse:excluded_users:6.x-1.0