PT-2012-5417 · Drupal · Drupal

Joshua Brauer

Published

2012-11-30

Updated

2012-12-03

CVE-2012-4469

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Drupal Hashcash module versions 6.x-2.x before 6.x-2.6 Drupal Hashcash module versions 7.x-2.x before 7.x-2.2

Description A cross-site scripting (XSS) issue exists in the Hashcash module for Drupal. This occurs when the "Log failed hashcash" option is enabled, and an invalid token is not properly handled by the Database logging module, allowing remote attackers to inject arbitrary web script or HTML.

Recommendations For Drupal Hashcash module version 6.x-2.x, update to version 6.x-2.6 or later. For Drupal Hashcash module version 7.x-2.x, update to version 7.x-2.2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-4469

Affected Products

Drupal

PT-2012-5417 · Drupal · Drupal

CVE-2012-4469

Weakness Enumeration

Related Identifiers

Affected Products

References · 5