CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-8317
https://notcve.org/view.php?id=CVE-2014-8317
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name text. Vulnerabilidad de XSS en el módulo Webform Validation 6.x-1.x anterior a 6.x-1.6 y 7.x-1.x anterior a 7.x-1.4 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través del componente name text. • http://secunia.com/advisories/56882 http://www.securityfocus.com/bid/65525 https://drupal.org/node/2194621 https://exchange.xforce.ibmcloud.com/vulnerabilities/91134 https://www.drupal.org/node/2194011 https://www.drupal.org/node/2194013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2011-5189
https://notcve.org/view.php?id=CVE-2011-5189
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Webform Validation v6.x-1.x anterior a v6.x-1.5 y v7.x-1.x anterior a v7.x-1.1 para Drupal, permite a usuarios remotos autenticados con permisos para "actualizar nodos Webform" inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://drupal.org/node/1357354 http://drupal.org/node/1357356 http://drupal.org/node/1357360 http://secunia.com/advisories/47035 http://www.osvdb.org/77426 https://exchange.xforce.ibmcloud.com/vulnerabilities/71597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •