CVE-2015-4356

CVE-2015-4356 affects the Drupal Webform module (7.x-4.x) before 7.x-4.4. The vulnerability is an XSS in the view-based webform results table, exploitable by remote authenticated users with certain permissions to inject arbitrary script/HTML via a webform. The root cause is insufficient escaping ...

CVE-2015-4374

CVE-2015-4374 describes a cross-site scripting (XSS) vulnerability in the Drupal Webform module. The issue allows remote authenticated users with certain permissions to inject arbitrary script/HTML via a component name in the recipient (To) address used for emails sent by Webform. Affected are Dr...

CVE-2014-8318

The issue CVE-2014-8318 affects the Webform contributed module for Drupal. Affected versions: Webform 6.x-3.x before 6.x-3.20; 7.x-3.x before 7.x-3.20; and 7.x-4.x before 7.x-4.0-beta2. Description: remote authenticated users with certain permissions can inject arbitrary web script or HTML via a ...

CVE-2015-4357

The CVE-2015-4357 vulnerability affects the Drupal Webform contributed module. Specifically, Webform 6.x prior to 6.x-3.22, 7.x prior to 7.x-3.22, and 7.x-4.x prior to 7.x-4.4 allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title that is...