CVE-2014-9498

Cross-site scripting XSS vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web...

Cross site scripting

Cross-site scripting XSS vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web...

CVE-2014-9498

Cross-site scripting XSS vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web...

CVE-2014-9498

The Drupal Webform Invitation module (7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4) is affected by an XSS vulnerability due to insufficient sanitization of node titles. Exploitation requires an attacker to have one of the Webform-related permissions: Webform: Create new content, Webform: Edi...

SA-CONTRIB-2014-116 - Webform Invitation - Cross Site Scripting (XSS)

This module enables you to create custom invitation codes for Webforms. The module failed to sanitize node titles. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Webform: Create new content", "Webform: Edit own content" and/or "Webform: Edit any...