Drupal Basic webmail Module Cross Site Scripting and Information Disclosure Vulnerabilities

Basic webmail module for Drupal is prone to multiple cross-site scripting and information-disclosure vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

Basic webmail 6.x-1.x versions prior to 6.x-1.2 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus