5 matches found
CVE-2009-4207
CVE-2009-4207 describes a cross-site scripting (XSS) vulnerability in the Drupal Webform module: versions 5.x before 5.x-2.7 and 6.x before 6.x-2.7 are affected. The issue allows remote attackers to inject arbitrary web script or HTML via a submission. The connected documents confirm the affected...
CVE-2012-1660
The CVE-2012-1660 issue affects the Drupal Webform module (component: Webform) via the Select (or Other) submodule. Vulnerable versions are Webform 6.x-3.x before 6.x-3.17 and Webform 7.x-3.x before 7.x-3.17, where XSS can be injected by remote authenticated users who have the create webform cont...
CVE-2013-2129
The CVE-2013-2129 issue affects the Drupal Webform module (6.x-3.x) prior to 6.x-3.19. It is a Cross-site Scripting (XSS) vulnerability whereby remote authenticated users with the "edit own webform content" or "edit all webform content" permissions can inject arbitrary web script or HTML via a co...
CVE-2009-4533
CVE-2009-4533 affects the Drupal Webform module (5.x before 5.x-2.8 and 6.x before 6.x-2.8). The underlying issue is that pages containing token placeholders for a default value are not prevented from being cached, which can allow remote attackers to read session variables via unspecified vectors...
CVE-2009-4532
The CVE-2009-4532 issue affects the Drupal Webform module (5.x prior to 5.x-2.8 and 6.x prior to 6.x-2.8). The root cause is a Cross-site Scripting (XSS) vulnerability in a field label. An attacker must be a remote authenticated user with webform creation privileges, and can inject arbitrary web ...