23 matches found
CVE-2015-1621
Cross-site scripting XSS vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2011-023 - Prepopulate - Multiple vulnerabilities
The Prepopulate module enables pre-populating forms in Drupal using the $REQUEST vairable. The module does not adequately validate user input leading to an cross-site scripting XSS possibility in certain circumstances. Users privileged to use forms with certain form fields can insert arbitrary HT...
SA-CONTRIB-2010-086 - Prepopulate - Access Bypass
The Prepopulate module provides the ability for form fields to be pre-populated via the request sent for the form. The module is vulnerable to access bypass which would allow a malicious user to change the value of fields they would not otherwise have access to alter. Versions affected Prepopulat...