3 matches found
CVE-2014-8318
Cross-site scripting XSS vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields hav...
CVE-2014-8318
The issue CVE-2014-8318 affects the Webform contributed module for Drupal. Affected versions: Webform 6.x-3.x before 6.x-3.20; 7.x-3.x before 7.x-3.20; and 7.x-4.x before 7.x-4.0-beta2. Description: remote authenticated users with certain permissions can inject arbitrary web script or HTML via a ...
SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...