CVE-2013-2129
The CVE-2013-2129 issue affects the Drupal Webform module (6.x-3.x) prior to 6.x-3.19. It is a Cross-site Scripting (XSS) vulnerability whereby remote authenticated users with the "edit own webform content" or "edit all webform content" permissions can inject arbitrary web script or HTML via a co...
SA-CONTRIB-2013-050 - Webform - Cross Site Scripting (XSS)
The Webform module allows the creation of custom webforms and surveys. Webform module does not sanitize the labels of created components fields when displaying a list of components to be used in e-mails or downloaded CSV files. This vulnerability is mitigated by the fact that an attacker must hav...
CVE-2012-1660
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select or other" module is enabled, allow remote authenticated users with the create webform content permission to inject...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select or other" module is enabled, allow remote authenticated users with the create webform content permission to inject...
CVE-2012-1660
The CVE-2012-1660 issue affects the Drupal Webform module (component: Webform) via the Select (or Other) submodule. Vulnerable versions are Webform 6.x-3.x before 6.x-3.17 and Webform 7.x-3.x before 7.x-3.17, where XSS can be injected by remote authenticated users who have the create webform cont...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...
CVE-2009-4533
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors...
CVE-2009-4532
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...
Code injection
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors...
CVE-2009-4533
CVE-2009-4533 affects the Drupal Webform module (5.x before 5.x-2.8 and 6.x before 6.x-2.8). The underlying issue is that pages containing token placeholders for a default value are not prevented from being cached, which can allow remote attackers to read session variables via unspecified vectors...
CVE-2009-4532
The CVE-2009-4532 issue affects the Drupal Webform module (5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8). The root cause is a Cross-site Scripting (XSS) vulnerability in a field label. An attacker must be a remote authenticated user with webform creation privileges, and can inject arbitrary web ...
CVE-2009-4207
CVE-2009-4207 describes a cross-site scripting (XSS) vulnerability in the Drupal Webform module: versions 5.x before 5.x-2.7 and 6.x before 6.x-2.7 are affected. The issue allows remote attackers to inject arbitrary web script or HTML via a submission. The connected documents confirm the affected...
CVE-2009-4207
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission...
SA-CONTRIB-2009-032 - Webform - Cross-site scripting
The Webform module provides a node type which is typically used to enable site visitors to fill in questionnaires, contact or request/registration forms, surveys, polls, or other forms on a Drupal site. When displaying the results of Webform submissions, the module does not properly filter user...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SA-2008-024 - Webform - Cross site scripting
The contributed webform module provides a webform nodetype. Typical uses for webform are to create questionnaires, contact or request/register forms, surveys, polls or a front end to issues tracking systems. On several points in the codebase, user-supplied data is not escaped before it is...
CVE-2006-3570
CVE-2006-3570 concerns the Drupal webform module. Affected versions are Drupal 4.6 and 4.7 prior to July 8, 2006. The vulnerability is an XSS flaw allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents confirm the issue but do not specify...