284 matches found
DRUPAL-CONTRIB-2020-018
This webform module enables you to build a 'Term checkboxes' element. The module doesn't sufficiently check term 'view' access when rendering 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term checkboxes' element...
Webform - Critical - Access bypass - SA-CONTRIB-2020-018
This webform module enables you to build a 'Term checkboxes' element. The module doesn't sufficiently check term 'view' access when rendering 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term checkboxes' element...
DRUPAL-CONTRIB-2020-017
This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...
DRUPAL-CONTRIB-2020-016
This webform module enables you to build 'Term select' and 'Term checkboxes' elements. The module doesn't sufficiently check term 'view' access when rendering the 'Term select' and 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term select' and 'Term checkboxes' elements...
DRUPAL-CONTRIB-2020-015
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently sanitize Webform labels nor visibility conditions under the scenario of placing a block. When a webform block is placed and visible on a website any JavaScript code contained within the webform's label w...
DRUPAL-CONTRIB-2020-014
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter user input under in the scenario when a webform is edited, namely the message related to character min/max counter does not undergo sufficient filtering and thus allows execution of JavaScript cod...
DRUPAL-CONTRIB-2020-013
The Webform module allows site builders to create forms. The module doesn't sufficiently prevent malicious code from being render via an options elements i.e select menu, checkboxes, radios, etc... under the scenario where the site builder allows the raw option value to be displayed. This...
DRUPAL-CONTRIB-2020-012
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently validate data submitted into Webform Signature element during webform submission creation. This allows a malicious user to generate and extract HMAC hashes for arbitrary data. Such HMAC hashes are used...
DRUPAL-CONTRIB-2020-011
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties attributes under the scenario of editing a webform. Malicious user could craft such an attribute element\validate, for example that would invoke execution of undesired P...
Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties attributes under the scenario of editing a webform. Malicious user could craft such an attribute elementvalidate, for example that would invoke execution of undesired PH...
Webform - Critical - Access bypass - SA-CONTRIB-2020-016
This webform module enables you to build 'Term select' and 'Term checkboxes' elements. The module doesn't sufficiently check term 'view' access when rendering the 'Term select' and 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term select' and 'Term checkboxes' elements...
Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-017
This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...
Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-015
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently sanitize Webform labels nor visibility conditions under the scenario of placing a block. When a webform block is placed and visible on a website any JavaScript code contained within the webform's label w...
Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-012
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently validate data submitted into Webform Signature element during webform submission creation. This allows a malicious user to generate and extract HMAC hashes for arbitrary data. Such HMAC hashes are used...
Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-014
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter user input under in the scenario when a webform is edited, namely the message related to character min/max counter does not undergo sufficient filtering and thus allows execution of JavaScript cod...
Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-013
The Webform module allows site builders to create forms. The module doesn't sufficiently prevent malicious code from being render via an options elements i.e select menu, checkboxes, radios, etc... under the scenario where the site builder allows the raw option value to be displayed. This...
CVE-2020-6219
SAP Business Objects Business Intelligence Platform CrystalReports WebForm Viewer, versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service a...
CVE-2020-6219
CVE-2020-6219 affects SAP Business Objects BI Platform components including CrystalReports WebForm Viewer (SAP Crystal Reports for VS 2010) and Crystal Reports Platform versions 4.1/4.2. The root cause is a deserialization of untrusted data vulnerability that an attacker with basic authorization ...
Fedora Update for drupal7-webform FEDORA-2019-6abe00cae1
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 30 : drupal7-webform (2019-6abe00cae1)
https://www.drupal.org/project/webform/releases/7.x-4.21 - https://www.drupal.org/sa-contrib-2019-096 - https://www.drupal.org/project/webform/releases/7.x-4.20 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable...