284 matches found
CVE-2015-4379
CVE-2015-4379 affects the Drupal Webform Multiple File Upload module (versions 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3). The underlying issue is a CSRF vulnerability that allows remote attackers to hijack the authentication of certain users to perform file-deletion actions via unspe...
CVE-2015-4357
The CVE-2015-4357 vulnerability affects the Drupal Webform contributed module. Specifically, Webform 6.x prior to 6.x-3.22, 7.x prior to 7.x-3.22, and 7.x-4.x prior to 7.x-4.4 allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title that is...
CVE-2015-4384
CVE-2015-4384 describes a cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module for Drupal. The issue affects Ubercart Webform Checkout Pane 6.x-3.x up to before 6.x-3.10 and 7.x-3.x up to before 7.x-3.11, arising because the module does not sufficiently sanitize u...
CVE-2015-4356
CVE-2015-4356 affects the Drupal Webform module (7.x-4.x) before 7.x-4.4. The vulnerability is an XSS in the view-based webform results table, exploitable by remote authenticated users with certain permissions to inject arbitrary script/HTML via a webform. The root cause is insufficient escaping ...
CVE-2015-4354
CVE-2015-4354 is an XSS vulnerability in the Drupal Ubercart Webform Integration module (affected: version 6.x-1.8 and 7.x before 7.x-2.4). The issue allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, due to insufficient inpu...
CVE-2015-4379
Cross-site request forgery CSRF vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors...
Drupal Webform Multiple File Upload Module Cross-Site Request Forgery Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in Drupal Webform Multiple File Upload, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform...
Drupal Ubercart Webform Checkout Pane Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in Drupal Ubercart Webform Checkout Pane, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...
Webform Matrix Component - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-107
The Webform Matrix Component module is an extension of the Webform module that adds Matrix and Table components. The module doesn't sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must ha...
Fedora 22 : drupal7-webform-4.7-1.fc22 (2015-5022)
Update to 4.7 - Release notes can be found at https://www.drupal.org/node/2460229 - Security fix for drupal7-webform module - Upstream release notes: https://www.drupal.org/node/2457219 - Release notes can be found at https://www.drupal.org/node/2454063 Note that Tenable Network Security has...
[SECURITY] Fedora 22 Update: drupal7-webform-4.7-1.fc22
Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...
Fedora 21 : drupal7-webform-4.7-1.fc21 (2015-5055)
Update to 4.7 - Release notes can be found at https://www.drupal.org/node/2460229 - Security fix for drupal7-webform module - Upstream release notes: https://www.drupal.org/node/2457219 - Release notes can be found at https://www.drupal.org/node/2454063 - Update to 4.3 - Release notes can be...
Fedora Update for drupal7-webform FEDORA-2015-5055
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for drupal7-webform FEDORA-2015-4994
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : drupal7-webform-4.7-1.fc20 (2015-4994)
Update to 4.7 - Release notes can be found at https://www.drupal.org/node/2460229 - Security fix for drupal7-webform module - Upstream release notes: https://www.drupal.org/node/2457219 - Release notes can be found at https://www.drupal.org/node/2454063 - Update to 4.3 - Release notes can be...
[SECURITY] Fedora 20 Update: drupal7-webform-4.7-1.fc20
Webform is the module for making surveys in Drupal. After a submission, users may be sent an e-mail "receipt" as well as sending a notification to administrators. Results can be exported into Excel or other spreadsheet applications. Webform also provides some basic statistical review and has and...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Webform Module
Drupal is a developmental CMF Content Management Framework written in the PHP language. Multiple cross-site scripting vulnerabilities exist in the Drupal Webform module. Because the application fails to properly filter user-supplied input, an attacker could exploit the vulnerabilities to execute...
Cross-site scripting vulnerability in Drupal Webform module
Drupal is a developmental CMF Content Management Framework written in the PHP language. A cross-site scripting vulnerability exists in the Drupal Webform module. Because the program fails to properly filter user-supplied text, an attacker can exploit the vulnerability to execute arbitrary script...
Ubercart Webform Checkout Pane - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-087
Ubercart Webform Checkout Pane module allows you to define Webform nodes as checkout/order panes in Ubercart. The module doesn't sufficiently sanitize user supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an...
Webform Multiple File Upload - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-083
Webform Multiple File Upload module enables you to upload multiple files at once in webforms. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause a user with edit access to webforms to delete files by getting their browser to make a request to a...