Lucene search
K

284 matches found

CVE
CVE
added 2018/03/15 10:0 p.m.37 views

CVE-2016-0223

CVE-2016-0223 affects IBM Forms Server (Webform Framework API) on 4.0., 8.0. , 8.1, 8.2. The vulnerability arises from improper validation of user-supplied input, allowing a remote attacker to execute arbitrary script via a specially crafted URL, i.e., a cross-site scripting (XSS) flaw. Impact in...

6.1CVSS5.7AI score0.0087EPSS
Exploits0References2Affected Software1
Vulnerability Lab
Vulnerability Lab
added 2018/01/04 12:0 a.m.34 views

Adobe CreativeCloud (Webform) - Persistent Vulnerability

Document Title: =============== Adobe CreativeCloud Webform - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1848 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ==================================== 184...

7.1AI score
Exploits0
Drupal
Drupal
added 2017/05/10 12:0 a.m.18 views

Webform Multiple file upload - Moderately Critical - Access bypass - SA-CONTRIB-2017-045

This module enables you to upload multiple files at once in a webform. The module doesn't sufficiently check access to file deletion urls. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to edit all or their own webform submissions. CVE identifier...

7.1AI score
Exploits0References12
Hacker One
Hacker One
added 2016/12/01 7:4 a.m.11 views

U.S. Dept Of Defense: Arbitrary Script Injection (Mail) in a DoD Website

A DoD website was misconfigured in a manner that could have allowed an attacker to inject malicious code into automated emails sent by the server. @ahsantahir was able to demonstrate this vulnerability by posting a specially formatted webform. Thanks @ahsantahir!...

2.7AI score
Exploits0
CNVD
CNVD
added 2016/10/24 12:0 a.m.4 views

Drupal Webform Module Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in Drupal Webform Module, which can be exploited by an attacker to bypass certain security mechanisms and perform unauthorized...

6.9AI score
Exploits0References1
Drupal
Drupal
added 2016/10/19 12:0 a.m.14 views

Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053

This module provides a user interface to create and configure forms called Webforms. When using forms with private file uploads, Webform wasn't explicitly denying access to files it managed which could allow access to be granted by other modules. The vulnerability is mitigated by the fact that...

7AI score
Exploits0References14
CNVD
CNVD
added 2016/10/10 12:0 a.m.1 views

CivicRM SQL Injection Vulnerability

Drupal is a free, open source content management system developed in PHP. webform CiviCRM Integration is one of the modules that integrate Webform and CiviCRM. A SQL injection vulnerability exists in CivicRM 4.7b3, which allows an attacker to download database content after authentication...

8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2016/07/14 12:34 a.m.14 views

3 Popular Drupal Modules Found Vulnerable — Patch Released

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution RCE bugs that could allow attackers to fully take over any affected site. Below are the three separate Drup...

8.1AI score
Exploits0
ThreatPost
ThreatPost
added 2016/07/13 3:33 p.m.11 views

Drupal Patches Three Remote Code Execution Vulnerabilities in Modules

Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a...

0.1AI score
Exploits0References7
CNVD
CNVD
added 2016/07/13 12:0 a.m.3 views

Drupal Webform Multiple File Upload Remote Code Execution Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community; Webform Multiple File Upload module is a file upload module for Drupal. A remote code execution vulnerability exists in the Drupal Webform Multiple File Upload module. The vulnerabilit...

8.3AI score
Exploits0References1
Drupal
Drupal
added 2016/07/13 12:0 a.m.17 views

Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-2016-038

The Webform Multiple File Upload module allows users to upload multiple files on a Webform. The Webform Multifile File Upload module contains a Remote Code Execution RCE vulnerability where form inputs will be unserialized and a specially crafted form input may trigger arbitrary code execution...

8.3AI score
Exploits0References13
seebug.org
seebug.org
added 2015/11/18 12:0 a.m.24 views

Drupal Webform CiviCRM Integration模块跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/11/01 12:0 a.m.2 views

Drupal Webform CiviCRM Integration Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP. webform CiviCRM Integration is one of the modules that integrate Webform and CiviCRM. A cross-site scripting vulnerability exists in Drupal Webform CiviCRM Integration, which allows remote attackers to exploit the...

6.2AI score
Exploits0References1
Drupal
Drupal
added 2015/10/21 12:0 a.m.15 views

Webform CiviCRM Integration - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-160

Webform CiviCRM Integration allows you to add CiviCRM fields to a Drupal Webform. The module doesn't sufficiently escape user input. Some of the vulnerabilities are mitigated by the fact that an attacker must have a role with the permission to edit the webform node plus "access CiviCRM" to define...

7.2AI score
Exploits0References13
CNVD
CNVD
added 2015/08/19 12:0 a.m.1 views

Drupal Webform Matrix Component Module Cross-Site Scripting Vulnerability

Drupal is the Drupal community maintains a set of free , open-source content management system developed in PHP language . Webform Matrix Component is one of the matrix/tabular input component module provides . A cross-site scripting vulnerability exists in the Drupal Webform Matrix Component...

3.5CVSS6.1AI score0.00954EPSS
Exploits0References1
NVD
NVD
added 2015/08/18 5:59 p.m.13 views

CVE-2015-5494

Cross-site scripting XSS vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.00954EPSS
Exploits0References3
Prion
Prion
added 2015/08/18 5:59 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.7AI score0.00954EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/08/18 5:0 p.m.33 views

CVE-2015-5494

The CVE-2015-5494 entry covers a Cross-Site Scripting (XSS) vulnerability in the Webform Matrix Component module for Drupal (versions 7.x-4.x prior to 7.x-4.13). The issue arises from insufficient sanitization of user-supplied text, allowing remote authenticated users with certain permissions to ...

3.5CVSS5.4AI score0.00954EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/08/18 5:0 p.m.22 views

CVE-2015-5494

Cross-site scripting XSS vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...

5.3AI score0.00954EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2015/07/07 12:0 a.m.10 views

Fedora Update for drupal7-webform FEDORA-2015-5022

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder