Unrated severityNVD Advisory· Published Sep 18, 2012· Updated Jun 16, 2026
CVE-2012-1660
CVE-2012-1660
Description
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
45cpe:2.3:a:nathan_haug:webform:6.x-3.0:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.10:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.11:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.12:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.13:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.14:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.15:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.16:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.6:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.7:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.8:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.9:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:6.x-3.x:dev:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.10:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.11:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.12:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.13:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.15:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.16:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.4:beta1:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.6:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.7:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.8:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.9:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:webform:7.x-3.x:dev:*:*:*:*:*:*
- Range: <6.x-3.17, <7.x-3.17
Patches
Vulnerability mechanics
References
10- drupal.org/node/1472178nvdPatch
- drupal.org/node/1472180nvdPatch
- drupal.org/node/1472214nvdPatchVendor Advisory
- www.securityfocus.com/bid/52345nvdPatch
- secunia.com/advisories/48310nvdVendor Advisory
- drupalcode.org/project/webform.git/commit/90af819nvd
- drupalcode.org/project/webform.git/commit/917fa91nvd
- www.openwall.com/lists/oss-security/2012/04/07/1nvd
- www.osvdb.org/79852nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/73779nvd
News mentions
0No linked articles in our index yet.