62 matches found
EUVD-2009-4499
Malware in sbrugna...
EUVD-2009-4177
Malware in sbrugna...
EUVD-2015-4397
Malware in sbrugna...
EUVD-2015-4380
Malware in sbrugna...
EUVD-2014-8159
Malware in sbrugna...
EUVD-2013-2097
Malware in sbrugna...
CVE-2009-4207
Cross-site scripting XSS vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission...
DRUPAL-CONTRIB-2021-045
Access Bypass: This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently check access for administrative features for webforms attached to nodes using the Webform Node module. This may reveal submitted data or allow an attacker to modify submitted data...
Webform - Critical - Cross Site Scripting, Access Bypass - SA-CONTRIB-2021-045
Access Bypass: This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently check access for administrative features for webforms attached to nodes using the Webform Node module. This may reveal submitted data or allow an attacker to modify submitted data...
Webform - Moderately critical - Cross Site Scripting - SA-CONTRIB-2021-026
The Webform module uses the CKEditor, library for WYSIWYG editing. CKEditor has released a security update that impacts Webform. An attacker that can create or edit content even without access to CKEditor themselves may be able to exploit one or more Cross-Site Scripting XSS vulnerabilities to...
DRUPAL-CONTRIB-2021-004
The Webform module for Drupal 8/9 includes a default Contact webform, which sends a notification email to the site owner and a confirmation email to the email address supplied via the form. The confirmation email can be used as an open mail relay to send an email to any email address. This...
DRUPAL-CONTRIB-2020-018
This webform module enables you to build a 'Term checkboxes' element. The module doesn't sufficiently check term 'view' access when rendering 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term checkboxes' element...
DRUPAL-CONTRIB-2020-016
This webform module enables you to build 'Term select' and 'Term checkboxes' elements. The module doesn't sufficiently check term 'view' access when rendering the 'Term select' and 'Term checkboxes' elements. Unpublished terms will always appear in the 'Term select' and 'Term checkboxes' elements...
DRUPAL-CONTRIB-2020-014
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter user input under in the scenario when a webform is edited, namely the message related to character min/max counter does not undergo sufficient filtering and thus allows execution of JavaScript cod...
Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-013
The Webform module allows site builders to create forms. The module doesn't sufficiently prevent malicious code from being render via an options elements i.e select menu, checkboxes, radios, etc... under the scenario where the site builder allows the raw option value to be displayed. This...
Webform - Critical - Multiple vulnerabilities - SA-CONTRIB-2019-096
This module enables you to create forms to collect information from users and report, analyze and distribute it by email. The 7.x-3.x module doesn't sufficiently sanitize token values taken from query strings. If a query string token is used as the value of a markup component, an attacker can...
Drupal Webform Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in Drupal Webform Module, which can be exploited by an attacker to bypass certain security mechanisms and perform unauthorized...
Drupal Webform CiviCRM Integration Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP. webform CiviCRM Integration is one of the modules that integrate Webform and CiviCRM. A cross-site scripting vulnerability exists in Drupal Webform CiviCRM Integration, which allows remote attackers to exploit the...
Drupal Webform module cross-site scripting vulnerability (CNVD-2015-03860)
Drupal is a free and open source content management system developed in PHP. webform is a market research questionnaire module. The Drupal Webform module handles view-based webform result forms with a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to...
Drupal Webform module cross-site scripting vulnerability (CNVD-2015-03861)
Drupal is a free and open source content management system developed in PHP. webform is a market research questionnaire module. A cross-site scripting vulnerability exists in the Drupal Webform module processing node header, which allows remote attackers to exploit the vulnerability to inject...