13 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. El proyecto Webform Report versiones 7.x-1.x-dev para Drupal, permite a atacantes remotos visualizar presentaciones al visitar la página /rss.xml. NOTA: Este proyecto no está cubierto por la política de avisos de seguridad de Drupal. • https://www.drupal.org/project/webform_report/issues/3101410 • CWE-425: Direct Request ('Forced Browsing') •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo Webform Matrix Component 7.x-4.x en versiones anteriores a 7.x-4.13 para Drupal, permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2442741 https://www.drupal.org/node/2484231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0

Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email. Vulnerabilidad de XSS en el módulo Webform anterior a 6.x-3.23, 7.x-3.x anterior a 7.x-3.23, y 7.x-4.x anterior a 7.x-4.5 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web arbitrarios o HTML a través de un nombre de componente en la dirección del recipiente (Para) de un email. • http://www.openwall.com/lists/oss-security/2015/03/22/35 http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/73215 https://www.drupal.org/node/2454055 https://www.drupal.org/node/2454059 https://www.drupal.org/node/2454063 https://www.drupal.org/node/2454903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors. Vulnerabilidad de CSRF en el módulo Webform Multiple File Upload 6.x-1.x anterior a 6.x-1.3 y 7.x-1.x anterior a 7.x-1.3 para Drupal permite a atacantes remotos secuestrar la autenticación de ciertos usuarios para solicitudes que eliminan ficheros a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74343 https://www.drupal.org/node/2459031 https://www.drupal.org/node/2459035 https://www.drupal.org/node/2459323 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 3.5EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used as the default title of a webform block. Vulnerabilidad de XSS en el módulo Webform anterior a 6.x-3.22, 7.x-3.x anterior a 7.x-3.22, y 7.x-4.x anterior a 7.x-4.4 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web arbitrarios o HTML a través de un título de nodo, lel cual se utiliza como el título por defecto de un bloque webform. • http://www.openwall.com/lists/oss-security/2015/03/22/35 http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72993 https://www.drupal.org/node/2445291 https://www.drupal.org/node/2445295 https://www.drupal.org/node/2445297 https://www.drupal.org/node/2445935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •