3 matches found
CVE-2013-2129
Cross-site scripting XSS vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label...
CVE-2013-2129
The CVE-2013-2129 issue affects the Drupal Webform module (6.x-3.x) prior to 6.x-3.19. It is a Cross-site Scripting (XSS) vulnerability whereby remote authenticated users with the "edit own webform content" or "edit all webform content" permissions can inject arbitrary web script or HTML via a co...
SA-CONTRIB-2013-050 - Webform - Cross Site Scripting (XSS)
The Webform module allows the creation of custom webforms and surveys. Webform module does not sanitize the labels of created components fields when displaying a list of components to be used in e-mails or downloaded CSV files. This vulnerability is mitigated by the fact that an attacker must hav...