2 matches found
CVE-2015-4356
Cross-site scripting XSS vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform...
CVE-2015-4356
CVE-2015-4356 affects the Drupal Webform module (7.x-4.x) before 7.x-4.4. The vulnerability is an XSS in the view-based webform results table, exploitable by remote authenticated users with certain permissions to inject arbitrary script/HTML via a webform. The root cause is insufficient escaping ...