Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.
CPE | Name | Operator | Version |
---|---|---|---|
basic_webmail | eq | 6.120.11 | |
basic_webmail | eq | 6.120.10 | |
basic_webmail | eq | 6.x-1.x dev |