CVE-2009-4532

Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...

CVE-2009-4533

The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors...

CVE-2009-4533

The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors...

CVE-2009-4532

Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label...

CVE-2009-4533

CVE-2009-4533 affects the Drupal Webform module (5.x before 5.x-2.8 and 6.x before 6.x-2.8). The underlying issue is that pages containing token placeholders for a default value are not prevented from being cached, which can allow remote attackers to read session variables via unspecified vectors...

CVE-2009-4532

The CVE-2009-4532 issue affects the Drupal Webform module (5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8). The root cause is a Cross-site Scripting (XSS) vulnerability in a field label. An attacker must be a remote authenticated user with webform creation privileges, and can inject arbitrary web ...

Cross site scripting

Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission...

CVE-2009-4207

Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission...

CVE-2009-4207

Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission...

CVE-2009-4207

CVE-2009-4207 describes a cross-site scripting (XSS) vulnerability in the Drupal Webform module: versions 5.x before 5.x-2.7 and 6.x before 6.x-2.7 are affected. The issue allows remote attackers to inject arbitrary web script or HTML via a submission. The connected documents confirm the affected...

SA-CONTRIB-2009-074- Webform - Multiple vulnerabilities

Cross-site scripting The Webform module enables the creation of custom forms for collecting data from users. The Webform module does not properly escape field labels in certain situations. A malicious user with permission to create webforms could attempt a cross-site scripting XSS attack when...

SA-CONTRIB-2009-050 - Webform report - Cross site scripting

Webform report allows users to create simple, dynamic reports based on data collected by the webform module. When displaying the results of Webform submissions, the module does not properly escape user entered data, leading to a cross-site scripting XSS vulnerability. Versions affected Webform...

SA-CONTRIB-2009-032 - Webform - Cross-site scripting

The Webform module provides a node type which is typically used to enable site visitors to fill in questionnaires, contact or request/registration forms, surveys, polls, or other forms on a Drupal site. When displaying the results of Webform submissions, the module does not properly filter user...

Code injection

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

CVE-2008-2638

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...

CVE-2008-2638

CVE-2008-2638 affects 1Book 1.0.1 and earlier . The vulnerability is in guestbook.php : remote attackers can upload arbitrary PHP code via the message parameter of an HTML web form, which is written to data.php . The CVSS vector (as per NVD) indicates _network-based, low complexity, no auth with ...

CGI RESCUE WebFORM missing mail content vulnerability

Overview WebFORM from CGI RESCUE is software that enables the emailing of contents of an HTML form. A vulnerability exists in WebFORM. By entering a particular string in the message body, a message missing sender information could be sent. Impact Some part of the sender information in the message...

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...