Unrated severityNVD Advisory· Published Nov 30, 2012· Updated Jun 16, 2026
CVE-2012-4469
CVE-2012-4469
Description
Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:simon_rycroft:hashcash:6.x-2.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:simon_rycroft:hashcash:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:6.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:6.x-2.5:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:7.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:simon_rycroft:hashcash:7.x-2.1:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- drupal.org/node/1650784nvdPatch
- drupal.org/node/1650790nvdPatch
- drupal.org/node/1663306nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2012/10/04/3nvd
News mentions
0No linked articles in our index yet.