Drupal PHPMailer Cross-Site Scripting (XSS) in Email Module

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Drupal PHPMailer Cross-Site Scripting (XSS) in Email Module

MINI-3m82-833v-7wg9

Summary

A weakness in the email module of the Drupal content management system allows an attacker to inject malicious code into email messages. This could let them steal user data or take control of accounts. Update the email module to the latest version to fix this issue.

Original title

MINI-3m82-833v-7wg9

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026