3 matches found
SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
The Webform Patched module is a fork of the Webform module with Token support added. The module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have...
SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...
SA-CONTRIB-2009-025 - Fivestar - Cross-site request forgery
The Fivestar module provides a voting widget for content and records votes using Ajax. The URL used by the JavaScript to register votes is vulnerable to cross-site request forgery (CSRF), making it possible for users to unknowingly vote for content. Versions affected: Fivestar 5.x-1.x prior to...