CVE-2012-6582

Name of the Vulnerable Software and Affected Versions Drupal Spambot module versions 6.x-3.x before 6.x-3.2 Drupal Spambot module versions 7.x-1.x before 7.x-1.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. This occurs due to the improper handling of API responses from stopforumspam.com.

Recommendations For Drupal Spambot module version 6.x-3.x, update to version 6.x-3.2 or later. For Drupal Spambot module version 7.x-1.x, update to version 7.x-1.1 or later.