284 matches found
CGI RESCUE WebFORM vulnerable to cross-site scripting
Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...
CVE-2008-1794
Multiple cross-site scripting XSS vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-1794
The CVE-2008-1794 entry concerns multiple XSS vulnerabilities in the Drupal Webform module affecting versions 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3. The root cause is unspecified in the provided documents, but remote attackers could inject arbitrary web s...
CVE-2008-1794
Multiple cross-site scripting XSS vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SA-2008-024 - Webform - Cross site scripting
The contributed webform module provides a webform nodetype. Typical uses for webform are to create questionnaires, contact or request/register forms, surveys, polls or a front end to issues tracking systems. On several points in the codebase, user-supplied data is not escaped before it is...
CVE-2007-0547
Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0547
Cross-site scripting XSS vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-0547
CGI-RESCUE WebFORM 4.3 and earlier has a cross-site scripting (XSS) vulnerability allowing remote injection of arbitrary script/HTML via unspecified vectors. Affected: WebFORM CGI script (Perl). Impact: arbitrary script execution in the user’s browser; CVSS v2 base score 4.3 (MEDIUM). Remediation...
JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection
Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...
JVN#24879092 CGI RESCUE WebFORM missing mail content vulnerability
Impact Some part of the sender information in the message may be lost. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" also contains a similar vulnerability...
JVN#05123538 CGI RESCUE WebFORM vulnerable to cross-site scripting
Impact An abitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, another product Web Mailer also contains a similar vulnerability. We have confirmed that the fixed version of the Web Mailer is also released...
CVE-2006-3570
Cross-site scripting XSS vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-3570
CVE-2006-3570 concerns the Drupal webform module. Affected versions are Drupal 4.6 and 4.7 prior to July 8, 2006. The vulnerability is an XSS flaw allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents confirm the issue but do not specify...
[SA21021] Drupal webform Module Script Insertion Vulnerabilities
---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...
XSS vulnerability in webform module
It is possible for a malicious user to insert and execute XSS into webform pages, due to lack of validation on output. Versions affected All webform 4.6 and 4.7 versions prior to July 8, 2006. Drupal core is not affected. If you do not use the webform module, there is nothing you need to do...
Design/Logic Flaw
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information...
CVE-2006-2943
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information...
CVE-2006-2943
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information...