CVSS: 5.4EPSS: 0%CPEs: 29EXPL: 0CVE-2015-4374
https://notcve.org/view.php?id=CVE-2015-4374
16 Jun 2015 — Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email. Vulnerabilidad de XSS en el módulo Webform anterior a 6.x-3.23, 7.x-3.x anterior a 7.x-3.23, y 7.x-4.x anterior a 7.x-4.5 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar sec... • http://www.openwall.com/lists/oss-security/2015/03/22/35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 27EXPL: 0CVE-2015-4357
https://notcve.org/view.php?id=CVE-2015-4357
15 Jun 2015 — Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block. Vulnerabilidad de XSS en el módulo Webform anterior a 6.x-3.22, 7.x-3.x anterior a 7.x-3.22, y 7.x-4.x anterior a 7.x-4.4 para Drupal permite a usuarios remotos autenticados con ciertos permisos iny... • http://www.openwall.com/lists/oss-security/2015/03/22/35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 41EXPL: 0CVE-2014-8318
https://notcve.org/view.php?id=CVE-2014-8318
17 Oct 2014 — Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label title, when two fields have the same form_key. Vulnerabilidad XSS en el módulo Webform 6.x-3.x anterior a 6.x-3.20, 7.x-3.x anterior a 7.x-3.20 y 7.x-4.x anterior a 7.x-4.0-beta para Drupal permite a usuarios remotos autenticados con deter... • http://osvdb.org/103262 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 27EXPL: 0CVE-2013-2129
https://notcve.org/view.php?id=CVE-2013-2129
24 Jun 2013 — Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. Vulnerabilidad XSS en el módulo WebForm 6.x-3.x anterior 6.x-3.19 para Drupal permite a usuarios autenticados con los permisos para edit own webform content" o "edit all webform content" inyectar secuencias de comandos web o HTML arbitraria... • http://osvdb.org/93749 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 45EXPL: 0CVE-2012-1660
https://notcve.org/view.php?id=CVE-2012-1660
18 Sep 2012 — Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en components/select.inc en el módulo Webf... • http://drupal.org/node/1472178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 44EXPL: 0CVE-2009-4532
https://notcve.org/view.php?id=CVE-2009-4532
31 Dec 2009 — Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo para Drupal Webform v5.x anterior a v5.x-2.8 y v6.x anterior a v6.x-2.8, permite a usuarios autenticados remotamente, con privilegio de creación en webform, inyectar secuen... • http://drupal.org/node/604942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2009-4533
https://notcve.org/view.php?id=CVE-2009-4533
31 Dec 2009 — The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. El módulo Webform v5.x anteriores a v5.x-2.8 y v6.x anteriores a v6.x-2.8, un módulo para Drupal, no evita el almacenamiento en caché de una página que contiene una variable token con un valor por defecto, permitiendo a atacantes remotos leer variables de ses... • http://drupal.org/node/604920 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 41EXPL: 0CVE-2009-4207
https://notcve.org/view.php?id=CVE-2009-4207
04 Dec 2009 — Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Webform versiones v5.x anteriores a v5.x-2.7 y v6.x anteriores a v6.x-2.7, un módulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un envío de formulario. • http://drupal.org/node/481258 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •