CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

283 matches found

OSV•added 2026/03/04 5:58 p.m.•3 views

DRUPAL-CONTRIB-2026-023

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting XSS...

6.1CVSS5.9AI score0.00013EPSS

Exploits0References1

Positive Technologies•added 2026/03/04 12:0 a.m.•1 views

PT-2026-23111

Name of the Vulnerable Software and Affected Versions Drupal Calculation Fields versions prior to 1.0.4 Description The Calculation Fields module for Drupal does not properly validate user-supplied input, potentially allowing for Information Disclosure or Cross-Site Scripting XSS attacks. This...

5.8AI score0.00013EPSS

Exploits0References3

Drupal•added 2026/03/04 12:0 a.m.•7 views

Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

6.1CVSS5.8AI score0.00013EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:51 a.m.•4 views

CVE-2009-4990

Cross-site scripting XSS vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission...

4.3CVSS5.9AI score0.00246EPSS

Exploits0References1

RedhatCVE•added 2025/12/02 7:21 p.m.•2 views

CVE-2025-12848

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

7CVSS6AI score0.00018EPSS

Exploits0References2

OSV•added 2025/11/26 2:15 a.m.•0 views

CVE-2025-12848

6.1CVSS5.8AI score

Exploits0References1

NVD•added 2025/11/26 2:15 a.m.•3 views

CVE-2025-12848

7CVSS0.00018EPSS

Exploits0References4

Vulnrichment•added 2025/11/26 1:28 a.m.•2 views

CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform

7CVSS6AI score0.00018EPSS

Exploits0References4

EUVD•added 2025/11/26 1:28 a.m.•2 views

EUVD-2025-199686

7CVSS5.9AI score0.00018EPSS

Exploits0References2

ATTACKERKB•added 2025/11/26 1:28 a.m.•0 views

CVE-2025-12848

7CVSS5.9AI score0.00018EPSS

Exploits0References5Affected Software1

Cvelist•added 2025/11/26 1:28 a.m.•9 views

CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform

7CVSS0.00018EPSS

Exploits0References4

CVE•added 2025/11/26 1:28 a.m.•7 views

CVE-2025-12848

The CVE-2025-12848 issue affects Drupal 7.x Webform Multiple File Upload module, where the XSS vulnerability resides in the file name renderer. An unauthenticated attacker can upload a file with a malicious filename (for example containing JavaScript) to a Webform node with a Multifile field wher...

7CVSS6AI score0.00018EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2025/11/26 12:0 a.m.•2 views

PT-2025-48120

Name of the Vulnerable Software and Affected Versions Drupal Webform Multiple File Upload module versions 7.x affected versions not specified Description The Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS issue in the file name renderer. An unauthenticated...

7CVSS6.1AI score0.00018EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-1794

Malware in sbrugna...

4.3CVSS6.4AI score0.00357EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-11465

Malware in sbrugna...

7.5CVSS7.5AI score0.00294EPSS

Exploits0References2