
284 matches found

NVD
added 2025/03/11 9:15 p.m. | 5 views

CVE-2025-28870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through = 1.1...

CVSS 6.5 | EPSS 0.00102
Exploits 0 | References 1
OSV
added 2025/03/11 9:15 p.m. | 5 views

CVE-2025-28870

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in amocrm amoCRM WebForm allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through 1.1...

CVSS 5.4 | AI score 5.8 | EPSS 0.00102
Exploits 0 | References 1
Vulnrichment
added 2025/03/11 9:0 p.m. | 8 views

CVE-2025-28870 WordPress amoCRM WebForm plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through = 1.1...

CVSS 6.5 | AI score 8.6 | EPSS 0.00102
Exploits 0 | References 1
Cvelist
added 2025/03/11 9:0 p.m. | 8 views

CVE-2025-28870 WordPress amoCRM WebForm plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in amocrm amoCRM WebForm amocrm-webform allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through = 1.1...

CVSS 6.5 | EPSS 0.00102
Exploits 0 | References 1
CVE
added 2025/03/11 9:0 p.m. | 60 views

CVE-2025-28870

CVE-2025-28870 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin amoCRM WebForm. Affected: amoCRM WebForm ≤ 1.1. Root cause: improper neutralization during web page generation leading to XSS. Access requirement: authenticated (Contributor+) user can trigger the stored XSS....

CVSS 6.5 | AI score 7.2 | EPSS 0.00102
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/03/11 12:0 a.m. | 1 view

WordPress plugin amoCRM WebForm cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin amoCR...

CVSS 6.5 | AI score 6 | EPSS 0.00102
Exploits 0 | References 2
VulnCheck KEV
added 2024/09/19 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2014-8379

Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules...

CVSS 3.5 | AI score 5.8 | EPSS 0.00152
Exploits 0 | References 1
Openbugbounty
added 2024/04/04 2:17 p.m. | 8 views

webform.propertyboss.net Cross Site Scripting vulnerability OBB-3902282

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
OSV
added 2021/12/08 6:2 p.m. | 2 views

DRUPAL-CONTRIB-2021-045

Access Bypass: This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently check access for administrative features for webforms attached to nodes using the Webform Node module. This may reveal submitted data or allow an attacker to modify submitted data...

AI score 6.7
Exploits 0 | References 1
Drupal
added 2021/12/08 12:0 a.m. | 26 views

Webform - Critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-045

Access Bypass: This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently check access for administrative features for webforms attached to nodes using the Webform Node module. This may reveal submitted data or allow an attacker to modify submitted data...

AI score 6.6
Exploits 0 | References 11
OSV
added 2021/08/25 3:27 p.m. | 3 views

DRUPAL-CONTRIB-2021-026

The Webform module uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Webform. An attacker that can create or edit content even without access to CKEditor themselves may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to...

AI score 6.1
Exploits 0 | References 1
Drupal
added 2021/08/25 12:0 a.m. | 12 views

Webform - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-026

The Webform module uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Webform. An attacker that can create or edit content even without access to CKEditor themselves may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to...

AI score 5.9
Exploits 0 | References 10
OSV
added 2021/03/03 4:49 p.m. | 2 views

DRUPAL-CONTRIB-2021-004

The Webform module for Drupal 8/9 includes a default Contact webform, which sends a notification email to the site owner and a confirmation email to the email address supplied via the form. The confirmation email can be used as an open mail relay to send an email to any email address. This...

AI score 6.6
Exploits 0 | References 1
Drupal
added 2021/03/03 12:0 a.m. | 21 views

Webform - Moderately critical - Access bypass - SA-CONTRIB-2021-004

The Webform module for Drupal 8/9 includes a default Contact webform, which sends a notification email to the site owner and a confirmation email to the email address supplied via the form. The confirmation email can be used as an open mail relay to send an email to any email address. This...

AI score 6.4
Exploits 0 | References 9
NVD
added 2021/01/01 1:15 a.m. | 9 views

CVE-2019-25012

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy...

CVSS 7.5 | AI score 7.6 | EPSS 0.00294
Exploits 0 | References 1
OSV
added 2021/01/01 1:15 a.m. | 1 view

CVE-2019-25012

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy...

CVSS 7.5 | AI score 7.1 | EPSS 0.00294
Exploits 0 | References 1
Prion
added 2021/01/01 1:15 a.m. | 12 views

Code injection

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy...

CVSS 5 | AI score 7.6 | EPSS 0.00294
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2021/01/01 12:0 a.m. | 3 views

Drupal Security Vulnerabilities

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability in Drupal Webform Report project 7.x-1.x-dev allows remote attackers to view submitted content by accessing the rss.xml page...

CVSS 7.5 | AI score 7.2 | EPSS 0.00294
Exploits 0 | References 1
CVE
added 2020/12/31 11:28 p.m. | 86 views

CVE-2019-25012

CVE-2019-25012 (Webform Report for Drupal 7.x-1.x-dev): The vulnerability allows remote attackers to view submissions by accessing the /rss.xml page. The connected records confirm the affected component is the Webform Report project for Drupal; no further technical details (affected versions bey...

CVSS 7.5 | AI score 7.5 | EPSS 0.00294
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/12/31 11:28 p.m. | 11 views

CVE-2019-25012

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy...

AI score 7.6 | EPSS 0.00294
Exploits 0 | References 1