Webform CiviCRM Integration - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-160
Webform CiviCRM Integration allows you to add CiviCRM fields to a Drupal Webform. The module doesn't sufficiently escape user input. Some of the vulnerabilities are mitigated by the fact that an attacker must have a role with the permission to edit the webform node plus "access CiviCRM" to define...