Lucene search
K
Nathan HaugWebform

5 matches found

CVE
CVE
added 2009/12/04 7:0 p.m.48 views

CVE-2009-4207

CVE-2009-4207 describes a cross-site scripting (XSS) vulnerability in the Drupal Webform module: versions 5.x before 5.x-2.7 and 6.x before 6.x-2.7 are affected. The issue allows remote attackers to inject arbitrary web script or HTML via a submission. The connected documents confirm the affected...

4.3CVSS5.7AI score0.01065EPSS
CVE
CVE
added 2012/09/18 8:0 p.m.47 views

CVE-2012-1660

The CVE-2012-1660 issue affects the Drupal Webform module (component: Webform) via the Select (or Other) submodule. Vulnerable versions are Webform 6.x-3.x before 6.x-3.17 and Webform 7.x-3.x before 7.x-3.17, where XSS can be injected by remote authenticated users who have the create webform cont...

2.1CVSS5.4AI score0.01277EPSS
CVE
CVE
added 2013/06/24 4:13 p.m.44 views

CVE-2013-2129

The CVE-2013-2129 issue affects the Drupal Webform module (6.x-3.x) prior to 6.x-3.19. It is a Cross-site Scripting (XSS) vulnerability whereby remote authenticated users with the "edit own webform content" or "edit all webform content" permissions can inject arbitrary web script or HTML via a co...

4.3CVSS5.4AI score0.01284EPSS
CVE
CVE
added 2009/12/31 7:0 p.m.39 views

CVE-2009-4533

CVE-2009-4533 affects the Drupal Webform module (5.x before 5.x-2.8 and 6.x before 6.x-2.8). The underlying issue is that pages containing token placeholders for a default value are not prevented from being cached, which can allow remote attackers to read session variables via unspecified vectors...

5CVSS6.7AI score0.01524EPSS
CVE
CVE
added 2009/12/31 7:0 p.m.38 views

CVE-2009-4532

The CVE-2009-4532 issue affects the Drupal Webform module (5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8). The root cause is a Cross-site Scripting (XSS) vulnerability in a field label. An attacker must be a remote authenticated user with webform creation privileges, and can inject arbitrary web ...

3.5CVSS5.3AI score0.00996EPSS