Vulnerabilities (CVE)

Filtered by vendor Basic Webmail Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5570 1 Basic Webmail Project 1 Basic Webmail 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
CVE-2012-5569 3 Basic Webmail Project, Drupal, Jason Flatt 3 Basic Webmail, Drupal, Basic Webmail 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via a (1) page title or (2) crafted email message.