18 matches found
CVE-2026-0749
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
EUVD-2026-4876
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
CVE-2026-0749
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
CVE-2026-0749
Technical details, affected versions, and mitigation are not publicly provided in the supplied documents. Monitor for updates from official advisories and CVE entries.
CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
Drupal Form Builder security vulnerabilities
Drupal Form Builder is a form generation plugin for the Drupal community. Versions 7.X-1.0 to 7.X-1.22 of Drupal Form Builder have security vulnerabilities. These vulnerabilities stem from improper input handling during form generation, which may lead to cross-site scripting attacks...
PT-2026-5189
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...
EUVD-2015-6598
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-6660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that...
Linux Distros Unpatched Vulnerability : CVE-2022-25273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow a...
UBUNTU-CVE-2022-25273
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
DRUPAL-CORE-2022-008
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
UBUNTU-CVE-2015-6660
The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks."...
UBUNTU-CVE-2014-5021
Cross-site scripting XSS vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label...
JVN#45898075: Drupal Form API fails to validate the redirect URL
Drupal is a content management system CMS. Drupal's Form API fails to validate the redirect URL, which may lead to unintended information disclosure. Impact A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed...
SA-CONTRIB-2009-015 - Tokenauth - Access bypass
The Token authentication module allows access to RSS feeds via a token without having to provide your username and password to the site. Token authentication did not properly use the Drupal Form API which would allow a malicious user to learn the site administrator's token giving them the ability...