CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25012
https://notcve.org/view.php?id=CVE-2019-25012
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. El proyecto Webform Report versiones 7.x-1.x-dev para Drupal, permite a atacantes remotos visualizar presentaciones al visitar la página /rss.xml. NOTA: Este proyecto no está cubierto por la política de avisos de seguridad de Drupal. • https://www.drupal.org/project/webform_report/issues/3101410 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5494
https://notcve.org/view.php?id=CVE-2015-5494
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo Webform Matrix Component 7.x-4.x en versiones anteriores a 7.x-4.13 para Drupal, permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2442741 https://www.drupal.org/node/2484231 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-4374
https://notcve.org/view.php?id=CVE-2015-4374
Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recipient (To) address of an email. Vulnerabilidad de XSS en el módulo Webform anterior a 6.x-3.23, 7.x-3.x anterior a 7.x-3.23, y 7.x-4.x anterior a 7.x-4.5 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web arbitrarios o HTML a través de un nombre de componente en la dirección del recipiente (Para) de un email. • http://www.openwall.com/lists/oss-security/2015/03/22/35 http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/73215 https://www.drupal.org/node/2454055 https://www.drupal.org/node/2454059 https://www.drupal.org/node/2454063 https://www.drupal.org/node/2454903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4354
https://notcve.org/view.php?id=CVE-2015-4354
Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo Ubercart Webform Integration anterior a 6.x-1.8 y 7.x anterior a 7.x-2.4 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/72812 https://www.drupal.org/node/2437991 https://www.drupal.org/node/2463199 https://www.drupal.org/node/2463207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4379
https://notcve.org/view.php?id=CVE-2015-4379
Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors. Vulnerabilidad de CSRF en el módulo Webform Multiple File Upload 6.x-1.x anterior a 6.x-1.3 y 7.x-1.x anterior a 7.x-1.3 para Drupal permite a atacantes remotos secuestrar la autenticación de ciertos usuarios para solicitudes que eliminan ficheros a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74343 https://www.drupal.org/node/2459031 https://www.drupal.org/node/2459035 https://www.drupal.org/node/2459323 • CWE-352: Cross-Site Request Forgery (CSRF) •