DRUPAL-CONTRIB-2026-023

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting XSS...

PT-2026-23111

Name of the Vulnerable Software and Affected Versions Drupal Calculation Fields versions prior to 1.0.4 Description The Calculation Fields module for Drupal does not properly validate user-supplied input, potentially allowing for Information Disclosure or Cross-Site Scripting XSS attacks. This...

Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting XSS...

CivicRM SQL Injection Vulnerability

Drupal is a free, open source content management system developed in PHP. webform CiviCRM Integration is one of the modules that integrate Webform and CiviCRM. A SQL injection vulnerability exists in CivicRM 4.7b3, which allows an attacker to download database content after authentication...

CVE-2015-4354

Cross-site scripting XSS vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4354

Cross-site scripting XSS vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4354

CVE-2015-4354 is an XSS vulnerability in the Drupal Ubercart Webform Integration module (affected: version 6.x-1.8 and 7.x before 7.x-2.4). The issue allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, due to insufficient inpu...

Multiple Cross-Site Scripting Vulnerabilities in Drupal Ubercart Webform Integration Module

Drupal is the Drupal community maintained by a set of free , open source content management system developed in PHP language . Ubercart Webform Integration is one of the integrated Web forms and Ubercart module . A cross-site scripting vulnerability exists in the Drupal Ubercart Webform Integrati...

SA-CONTRIB-2014-082 - Marketo MA - Cross Site Scripting (XSS)

The Marketo MA module adds Marketo marketing automation tracking capability to your website as well as the ability to capture lead data during user registration and via webform integration. It consists of a base module as well as Marketo MA User Webform and Marketo MA User sub-modules. The Market...