
284 matches found

seebug.org
added 2014/03/14 12:0 a.m. | 26 views

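Drupal Webform Template Module Security Bypass Vulnerability

Drupal is an open-source content management platform. The vulnerability exists because the application does not properly verify permissions when displaying the possible nodes from which a webform configuration can be copied; an attacker can exploit it to disclose certain information about other restricted nodes. Drupal Webform Template Module 7.x. Drupal Webform Template Module version 7.x-1.3 fixes this vulnerability; users are advised to download and use it: https://drupal.org/node/2216607...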

7.1 AI score
Exploits 0
Drupal
added 2014/03/12 12:0 a.m. | 16 views

SA-CONTRIB-2014-031 - Webform Template - Access Bypass

This module enables you to copy webform config from one node to another. The module doesn't respect node access when providing possible nodes to copy from. As a result, a user may be disclosed the titles of nodes he does not have view access to and as such he may be able to copy the webform...

6.8 AI score
Exploits 0 | References 11
Drupal
added 2014/02/12 12:0 a.m. | 10 views

SA-CONTRIB-2014-014 - Webform Validation - Cross Site Scripting (XSS)

The Webform Validation module enables you to add additional form validation rules to Webforms created by the Webform module. The module doesn't sufficiently filter component name text before display, opening up the possibility of cross site scripting. This vulnerability is mitigated by the fact...

6.4 AI score
Exploits 0 | References 11
Drupal
added 2014/02/12 12:0 a.m. | 19 views

SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)

The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...

3.5 CVSS | 6.3 AI score | 0.01095 EPSS
Exploits 0 | References 14
Drupal
added 2013/11/06 12:0 a.m. | 17 views

SA-CONTRIB-2013-087 - Payment for Webform - Access Bypass

This module enables you to ask for or require payments before users can submit webforms. It previously allowed anonymous users to sometimes use other anonymous users' payments when submitting a form. Payment for Webform never supported anonymous users, but there was also nothing that prevented th...

4.3 CVSS | 6.5 AI score | 0.01042 EPSS
Exploits 0 | References 12
NVD
added 2013/08/21 2:55 p.m. | 22 views

CVE-2013-4230

The mmwebform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrar...

6 CVSS | 6.3 AI score | 0.01207 EPSS
Exploits 0 | References 7
Cvelist
added 2013/08/21 2:0 p.m. | 18 views

CVE-2013-4230

The mmwebform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrar...

6.3 AI score | 0.01207 EPSS
Exploits 0 | References 7
CVE
added 2013/08/21 2:0 p.m. | 74 views

CVE-2013-4230

The mm_webform submodule in Monster Menus (Drupal 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13) does not properly restrict access to webform submissions, allowing remote authenticated users with the “Who can read data submitted to this webform” permission to delete arbitrary submissions vi...

6 CVSS | 6.4 AI score | 0.01207 EPSS
Exploits 0 | References 7 | Affected Software 1
Drupal
added 2013/08/07 12:0 a.m. | 23 views

SA-CONTRIB-2013-066 - Monster Menus - Multiple Vulnerabilities

Monster Menus enables you to create granular page permissions, and apply them to a hierarchical page structure. The mmwebform submodule enables you to assign permissions derived from Monster Menus to webform forms. The module doesn't sufficiently filter titles entered into page settings and echoe...

2.1 CVSS | 5.7 AI score | 0.01099 EPSS
Exploits 1 | References 9
NVD
added 2013/06/24 4:55 p.m. | 17 views

CVE-2013-2129

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label...

4.3 CVSS | 5.3 AI score | 0.01284 EPSS
Exploits 0 | References 6
Prion
added 2013/06/24 4:55 p.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label...

4.3 CVSS | 5.7 AI score | 0.01284 EPSS
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2013/06/24 4:13 p.m. | 18 views

CVE-2013-2129

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label...

5.3 AI score | 0.01284 EPSS
Exploits 0 | References 6
CVE
added 2013/06/24 4:13 p.m. | 44 views

CVE-2013-2129

The CVE-2013-2129 issue affects the Drupal Webform module (6.x-3.x) prior to 6.x-3.19. It is a Cross-site Scripting (XSS) vulnerability whereby remote authenticated users with the "edit own webform content" or "edit all webform content" permissions can inject arbitrary web script or HTML via a co...

4.3 CVSS | 5.4 AI score | 0.01284 EPSS
Exploits 0 | References 6 | Affected Software 1
Drupal
added 2013/05/29 12:0 a.m. | 19 views

SA-CONTRIB-2013-050 - Webform - Cross Site Scripting (XSS)

The Webform module allows the creation of custom webforms and surveys. Webform module does not sanitize the labels of created components fields when displaying a list of components to be used in e-mails or downloaded CSV files. This vulnerability is mitigated by the fact that an attacker must hav...

4.3 CVSS | 6.3 AI score | 0.01284 EPSS
Exploits 0 | References 10
NVD
added 2012/12/03 9:55 p.m. | 14 views

CVE-2012-5554

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms...

5 CVSS | 6.4 AI score | 0.01369 EPSS
Exploits 0 | References 4
Prion
added 2012/12/03 9:55 p.m. | 10 views

Default configuration

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms...

5 CVSS | 6.9 AI score | 0.01369 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2012/12/03 9:0 p.m. | 22 views

CVE-2012-5554

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms...

6.4 AI score | 0.01369 EPSS
Exploits 0 | References 4
CVE
added 2012/12/03 9:0 p.m. | 40 views

CVE-2012-5554

The CVE-2012-5554 issue affects Webform CiviCRM Integration for Drupal 7.x-3.x. The vulnerability occurs when Enforce Permissions is disabled in versions 7.x-3.0 through 7.x-3.3, allowing remote attackers to read webforms and obtain contact information. The entry notes this affects configurations...

5 CVSS | 6.6 AI score | 0.01369 EPSS
Exploits 0 | References 4 | Affected Software 1
NVD
added 2012/09/20 10:55 a.m. | 12 views

CVE-2011-5189

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors...

2.1 CVSS | 5.3 AI score | 0.01041 EPSS
Exploits 0 | References 6
Prion
added 2012/09/20 10:55 a.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors...

2.1 CVSS | 5.7 AI score | 0.01041 EPSS
Exploits 0 | References 6 | Affected Software 1