CVE-2012-4469

Name of the Vulnerable Software and Affected Versions Drupal Hashcash module versions 6.x-2.x before 6.x-2.6 Drupal Hashcash module versions 7.x-2.x before 7.x-2.2

Description A cross-site scripting (XSS) issue exists in the Hashcash module for Drupal. This occurs when the "Log failed hashcash" option is enabled, and an invalid token is not properly handled by the Database logging module, allowing remote attackers to inject arbitrary web script or HTML.

Recommendations For Drupal Hashcash module version 6.x-2.x, update to version 6.x-2.6 or later. For Drupal Hashcash module version 7.x-2.x, update to version 7.x-2.2 or later.