2 matches found
CVE-2012-4468
Summary: CVE-2012-4468 is a cross-site scripting (XSS) vulnerability in the Drupal Privatemsg module. Affected software: Privatemsg 7.x-1.x before 7.x-1.3. Root cause: insufficient sanitization of the user name when creating private messages. Impact: remote attackers can inject arbitrary web scri...
SA-CONTRIB-2012-104 - Privatemsg - Cross Site Scripting (XSS)
The Privatemsg module allows users to send private messages to each other. The module doesn't sufficiently sanitize user names when creating messages. This vulnerability is mitigated by the fact that it is not possible to create insecure user names through the default user interface. The...