CVE-2012-6582

Spambot - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog.

References (7)

[Vendor Advisory] http://secunia.com/advisories/50670

[Patch] https://drupal.org/node/1789084

[Patch] https://drupal.org/node/1789086

[Patch, Vendor Advisory] https://drupal.org/node/1789242

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/55613

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78701

[Third Party Advisory, VDB Entry] http://osvdb.org/85680

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Details

CWE

CWE-79

Status published

Products (9)

spambot_module_project/spambot

spambot_module_project/spambot

spambot_module_project/spambot

spambot_module_project/spambot

spambot_module_project/spambot

spambot_module_project/spambot

spambot_module_project/spambot

spambot_module_project/spambot

n/a/n/a

Published Aug 20, 2013

Tracked Since Feb 18, 2026