3 matches found
CVE-2015-1621
Cross-site scripting XSS vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-1621
The CVE-2015-1621 is a Drupal Webform prepopulate block vulnerability. Affected component: Webform prepopulate block module for Drupal 7.x (before 7.x-3.1). Issue: cross-site scripting (XSS) where user-supplied text is not sufficiently sanitized when displaying the block, allowing remote authenti...
SA-CONTRIB-2015-040 - Webform prepopulate block - Cross Site Scripting (XSS)
Webform prepopulate block module enables you to set a webform component to display in a separated block. The module doesn't sufficiently sanitize user supplied text when displaying the block, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that a...