CVE-2012-5569

Drupal Basic Webmail <6.x-1.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.

References (4)

[Patch, Vendor Advisory] http://drupal.org/node/1808852

[Patch] https://drupal.org/node/1808616

[Mailing List] http://www.openwall.com/lists/oss-security/2012/11/20/4

[Mailing List] http://www.openwall.com/lists/oss-security/2012/11/27/2

Scores

EPSS 0.0026

EPSS Percentile 48.7%

Details

CWE

CWE-79

Status published

Products (4)

basic_webmail_project/basic_webmail

jason_flatt/basic_webmail

n/a/n/a

Published Dec 03, 2012

Tracked Since Feb 18, 2026