284 matches found
Sql injection
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...
CVE-2014-5520
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...
CVE-2013-4594
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment...
Design/Logic Flaw
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment...
CVE-2013-4594
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment...
CVE-2013-4594
The CVE-2013-4594 vulnerability affects the Drupal Payment for Webform module (7.x-1.x) prior to 7.x-1.5. It allows remote anonymous users to access/consume payments made by other anonymous users when submitting a form requiring payment due to insufficient access controls. Remediation: upgrade to...
CVE-2014-8379
Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...
CVE-2014-8379
Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...
CVE-2014-8379
Multiple cross-site scripting XSS vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the 1 Webform or 2 User sub-modules...
CVE-2014-8318
Cross-site scripting XSS vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields hav...
CVE-2014-8317
Cross-site scripting XSS vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text...
Cross site scripting
Cross-site scripting XSS vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text...
Cross site scripting
Cross-site scripting XSS vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields hav...
CVE-2014-8317
Cross-site scripting XSS vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text...
CVE-2014-8318
Cross-site scripting XSS vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields hav...
CVE-2014-8318
The issue CVE-2014-8318 affects the Webform contributed module for Drupal. Affected versions: Webform 6.x-3.x before 6.x-3.20; 7.x-3.x before 7.x-3.20; and 7.x-4.x before 7.x-4.0-beta2. Description: remote authenticated users with certain permissions can inject arbitrary web script or HTML via a ...
CVE-2014-8317
The CVE-2014-8317 entry concerns Drupal’s Webform Validation module. A cross-site scripting (XSS) flaw exists in the component name text field in versions 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.4, allowing remote authenticated users with certain permissions to inject arbitrary web sc...
SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
The Webform Patched module is a fork of the Webform module with Token support added. The module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have...
SA-CONTRIB-2014-082 - Marketo MA - Cross Site Scripting (XSS)
The Marketo MA module adds Marketo marketing automation tracking capability to your website as well as the ability to capture lead data during user registration and via webform integration. It consists of a base module as well as Marketo MA User Webform and Marketo MA User sub-modules. The Market...