Lucene search
K

284 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.2 views

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...

4.3CVSS6AI score0.01033EPSS
Exploits0References7
NVD
NVD
added 2008/04/15 5:5 p.m.15 views

CVE-2008-1794

Multiple cross-site scripting XSS vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References5
Prion
Prion
added 2008/04/15 5:5 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01065EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2008/04/15 5:0 p.m.37 views

CVE-2008-1794

The CVE-2008-1794 entry concerns multiple XSS vulnerabilities in the Drupal Webform module affecting versions 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3. The root cause is unspecified in the provided documents, but remote attackers could inject arbitrary web s...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/04/15 5:0 p.m.19 views

CVE-2008-1794

Multiple cross-site scripting XSS vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.01065EPSS
Exploits0References5
Drupal
Drupal
added 2008/04/03 12:0 a.m.13 views

SA-2008-024 - Webform - Cross site scripting

The contributed webform module provides a webform nodetype. Typical uses for webform are to create questionnaires, contact or request/register forms, surveys, polls or a front end to issues tracking systems. On several points in the codebase, user-supplied data is not escaped before it is...

6.2AI score
Exploits0References7
NVD
NVD
added 2007/01/29 5:28 p.m.11 views

CVE-2007-0547

Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01033EPSS
Exploits0References4
Prion
Prion
added 2007/01/29 5:28 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01033EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2007/01/29 5:0 p.m.17 views

CVE-2007-0547

Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01033EPSS
Exploits0References4
CVE
CVE
added 2007/01/29 5:0 p.m.50 views

CVE-2007-0547

CGI-RESCUE WebFORM 4.3 and earlier has a cross-site scripting (XSS) vulnerability allowing remote injection of arbitrary script/HTML via unspecified vectors. Affected: WebFORM CGI script (Perl). Impact: arbitrary script execution in the user’s browser; CVSS v2 base score 4.3 (MEDIUM). Remediation...

4.3CVSS5.7AI score0.01033EPSS
Exploits0References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/25 12:0 a.m.22 views

JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection

Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...

6.9AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/25 12:0 a.m.13 views

JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability

Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...

6.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/01/25 12:0 a.m.14 views

JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting

Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...

7AI score
Exploits0
NVD
NVD
added 2006/07/13 1:5 a.m.20 views

CVE-2006-3570

Cross-site scripting XSS vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01184EPSS
Exploits0References5
CVE
CVE
added 2006/07/13 1:0 a.m.48 views

CVE-2006-3570

CVE-2006-3570 concerns the Drupal webform module. Affected versions are Drupal 4.6 and 4.7 prior to July 8, 2006. The vulnerability is an XSS flaw allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents confirm the issue but do not specify...

4.3CVSS5.7AI score0.01184EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2006/07/12 12:0 a.m.38 views

[SA21021] Drupal webform Module Script Insertion Vulnerabilities

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

1.2AI score
Exploits0
Drupal
Drupal
added 2006/07/09 12:0 a.m.17 views

XSS vulnerability in webform module

It is possible for a malicious user to insert and execute XSS into webform pages, due to lack of validation on output. Versions affected All webform 4.6 and 4.7 versions prior to July 8, 2006. Drupal core is not affected. If you do not use the webform module, there is nothing you need to do...

6.3AI score
Exploits0References3
Prion
Prion
added 2006/06/12 8:6 p.m.11 views

Design/Logic Flaw

Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information...

7.5CVSS7.3AI score0.01677EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/06/12 8:6 p.m.10 views

CVE-2006-2943

Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information...

7.5CVSS6.7AI score0.01677EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/06/12 8:0 p.m.14 views

CVE-2006-2943

Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information...

6.7AI score0.01677EPSS
Exploits0References6
Rows per page
Query Builder