Vulnerability Details CVE-2012-5569
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://drupal.org/node/1808852
- http://www.openwall.com/lists/oss-security/2012/11/20/4
- http://www.openwall.com/lists/oss-security/2012/11/27/2
- https://drupal.org/node/1808616
- http://drupal.org/node/1808852
- http://www.openwall.com/lists/oss-security/2012/11/20/4
- http://www.openwall.com/lists/oss-security/2012/11/27/2
- https://drupal.org/node/1808616
Products affected by CVE-2012-5569
-
cpe:2.3:a:basic_webmail_project:basic_webmail:6.x-1.1
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:jason_flatt:basic_webmail:6.x-1.0
-
cpe:2.3:a:jason_flatt:basic_webmail:6.x-1.x