VYPR

Webform

by Nathan Haug

CVEs (5)

  • CVE-2013-2129Jun 24, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.

  • CVE-2012-1660Sep 18, 2012
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content…

  • CVE-2009-4533Dec 31, 2009
    risk 0.00cvss epss 0.02

    The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.

  • CVE-2009-4532Dec 31, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.

  • CVE-2009-4207Dec 4, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.