CVE-2012-4469

Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
simon_rycrofthashcash
6.x-2.0:x
simon_rycrofthashcash
6.x-2.1:x
simon_rycrofthashcash
6.x-2.2:x
simon_rycrofthashcash
6.x-2.3:x
simon_rycrofthashcash
6.x-2.4:x
simon_rycrofthashcash
6.x-2.5:x
simon_rycrofthashcash
7.x-2.0:x
simon_rycrofthashcash
7.x-2.1:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1650784
http://drupal.org/node/1650790
http://drupal.org/node/1663306
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://drupal.org/node/1650784
http://drupal.org/node/1650790
http://drupal.org/node/1663306
http://www.openwall.com/lists/oss-security/2012/10/04/3