284 matches found
CVE-2016-0223
CVE-2016-0223 affects IBM Forms Server (Webform Framework API) on 4.0., 8.0. , 8.1, 8.2. The vulnerability arises from improper validation of user-supplied input, allowing a remote attacker to execute arbitrary script via a specially crafted URL, i.e., a cross-site scripting (XSS) flaw. Impact in...
Adobe CreativeCloud (Webform) - Persistent Vulnerability
Document Title: =============== Adobe CreativeCloud Webform - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1848 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-ID: ==================================== 184...
Webform Multiple file upload - Moderately Critical - Access bypass - SA-CONTRIB-2017-045
This module enables you to upload multiple files at once in a webform. The module doesn't sufficiently check access to file deletion urls. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to edit all or their own webform submissions. CVE identifier...
U.S. Dept Of Defense: Arbitrary Script Injection (Mail) in a DoD Website
A DoD website was misconfigured in a manner that could have allowed an attacker to inject malicious code into automated emails sent by the server. @ahsantahir was able to demonstrate this vulnerability by posting a specially formatted webform. Thanks @ahsantahir!...
Drupal Webform Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access bypass vulnerability exists in Drupal Webform Module, which can be exploited by an attacker to bypass certain security mechanisms and perform unauthorized...
Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053
This module provides a user interface to create and configure forms called Webforms. When using forms with private file uploads, Webform wasn't explicitly denying access to files it managed which could allow access to be granted by other modules. The vulnerability is mitigated by the fact that...
CivicRM SQL Injection Vulnerability
Drupal is a free, open source content management system developed in PHP. webform CiviCRM Integration is one of the modules that integrate Webform and CiviCRM. A SQL injection vulnerability exists in CivicRM 4.7b3, which allows an attacker to download database content after authentication...
3 Popular Drupal Modules Found Vulnerable — Patch Released
Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution RCE bugs that could allow attackers to fully take over any affected site. Below are the three separate Drup...
Drupal Patches Three Remote Code Execution Vulnerabilities in Modules
Developers with the open source content management framework Drupal today patched a series of highly critical remote code execution bugs in three separate modules. If exploited, the bugs could let an attacker take over any site running the modules. Fixes for pushed for RESTful Web Services, a...
Drupal Webform Multiple File Upload Remote Code Execution Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community; Webform Multiple File Upload module is a file upload module for Drupal. A remote code execution vulnerability exists in the Drupal Webform Multiple File Upload module. The vulnerabilit...
Webform Multiple File Upload - Critical - Remote Code Execution - SA-CONTRIB-2016-038
The Webform Multiple File Upload module allows users to upload multiple files on a Webform. The Webform Multifile File Upload module contains a Remote Code Execution RCE vulnerability where form inputs will be unserialized and a specially crafted form input may trigger arbitrary code execution...
Drupal Webform CiviCRM Integration模块跨站脚本漏洞
No description provided by source...
Drupal Webform CiviCRM Integration Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP. webform CiviCRM Integration is one of the modules that integrate Webform and CiviCRM. A cross-site scripting vulnerability exists in Drupal Webform CiviCRM Integration, which allows remote attackers to exploit the...
Webform CiviCRM Integration - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-160
Webform CiviCRM Integration allows you to add CiviCRM fields to a Drupal Webform. The module doesn't sufficiently escape user input. Some of the vulnerabilities are mitigated by the fact that an attacker must have a role with the permission to edit the webform node plus "access CiviCRM" to define...
Drupal Webform Matrix Component Module Cross-Site Scripting Vulnerability
Drupal is the Drupal community maintains a set of free , open-source content management system developed in PHP language . Webform Matrix Component is one of the matrix/tabular input component module provides . A cross-site scripting vulnerability exists in the Drupal Webform Matrix Component...
CVE-2015-5494
Cross-site scripting XSS vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5494
The CVE-2015-5494 entry covers a Cross-Site Scripting (XSS) vulnerability in the Webform Matrix Component module for Drupal (versions 7.x-4.x prior to 7.x-4.13). The issue arises from insufficient sanitization of user-supplied text, allowing remote authenticated users with certain permissions to ...
CVE-2015-5494
Cross-site scripting XSS vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...
Fedora Update for drupal7-webform FEDORA-2015-5022
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...