SA-CONTRIB-2015-040 - Webform prepopulate block - Cross Site Scripting (XSS)
Webform prepopulate block module enables you to set a webform component to display in a separated block. The module doesn't sufficiently sanitize user supplied text when displaying the block, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that a...