2 matches found
CVE-2015-4379
CVE-2015-4379 affects the Drupal Webform Multiple File Upload module (versions 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3). The underlying issue is a CSRF vulnerability that allows remote attackers to hijack the authentication of certain users to perform file-deletion actions via unspe...
CVE-2025-12848
The CVE-2025-12848 issue affects Drupal 7.x Webform Multiple File Upload module, where the XSS vulnerability resides in the file name renderer. An unauthenticated attacker can upload a file with a malicious filename (for example containing JavaScript) to a Webform node with a Multifile field wher...