
15 vulnerabilities found for webform by nathan_haug

FKIE_CVE-2013-2129

Vulnerability from fkie_nvd - Published: 2013-06-24 16:55 - Updated: 2025-04-11 00:51
Summary
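Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. Note that the CVSS v2 vector in the record below (AV:N/AC:M/Au:N/C:N/I:P/A:N, base score 4.3) is scored with no authentication required, even though this description limits the issue to authenticated users holding one of these permissions; take that prerequisite into account when prioritising.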

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4568B36-4A97-4835-A277-01D2EF9314C6",
              "versionEndIncluding": "6.x-3.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B8E4E4-7245-44B4-AF75-B062F9D301DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "41DFE1F2-10EF-45D5-98AE-8F1BB66B69C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62D964F5-4D09-4391-A77D-3C5DF1813B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9E3F30F7-2E62-4689-93CD-7C7A6B764649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "7095E0C4-022C-4895-B6AF-9F0F114E8579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "5D7677E8-6C56-44F8-B21A-E56D743ED252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "53ABE095-A9C5-44FC-B8FC-F4BD68797325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "721B5811-C368-42D2-90CC-61F1A865B1D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1227821-B0BC-43F1-9BCB-7C74A9C73F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D733D0E-2E28-4110-9F79-39245753E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18EA857-F2B5-4836-8EC6-E3A710561D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB517CC-86A7-4FE2-BB4E-0BD7746CE8AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2632BCA0-C4F5-42D3-9B70-E72DCE5350BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C00856-B6A6-44E0-9432-ABC94B933B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "875CC57E-3955-4FD6-9658-9D4972979301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D84A9B-A7C8-43AE-BB27-171F24C1023D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A185B180-5499-4995-A1EE-76C1E9DA2F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B4B3E6-3838-417A-981A-34D2D2DB4AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C50884-F31B-4853-B32B-E22210715E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A074A39D-38E1-4AAD-8370-0D294B79E330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34C0E4A-134A-4917-B72F-040CBAA5EDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "78880127-FE7F-4D9E-AE1B-25C640857AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "76185438-5E76-4858-B008-B0653C1F0A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BC742C-054D-49A2-A530-3BDB2EC796FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "9A246130-B69E-421A-AC6F-12097AA1E86F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en el m\u00f3dulo WebForm 6.x-3.x anterior a 6.x-3.19 para Drupal permite a usuarios autenticados con los permisos para \"edit own webform content\" o \"edit all webform content\" inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de una etiqueta del componente."
    }
  ],
  "id": "CVE-2013-2129",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-06-24T16:55:01.107",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/93749"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53184"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/60218"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2007390"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2007460"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53184"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/60218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2007390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://drupal.org/node/2007460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-1660

Vulnerability from fkie_nvd - Published: 2012-09-18 20:55 - Updated: 2025-04-11 00:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
References
secalert@redhat.com | http://drupal.org/node/1472178 | Patch
secalert@redhat.com | http://drupal.org/node/1472180 | Patch
secalert@redhat.com | http://drupal.org/node/1472214 | Patch, Vendor Advisory
secalert@redhat.com | http://drupalcode.org/project/webform.git/commit/90af819
secalert@redhat.com | http://drupalcode.org/project/webform.git/commit/917fa91
secalert@redhat.com | http://secunia.com/advisories/48310 | Vendor Advisory
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/04/07/1
secalert@redhat.com | http://www.osvdb.org/79852
secalert@redhat.com | http://www.securityfocus.com/bid/52345 | Patch
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73779
af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/1472178 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/1472180 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/1472214 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://drupalcode.org/project/webform.git/commit/90af819
af854a3a-2127-422b-91ae-364da2661108 | http://drupalcode.org/project/webform.git/commit/917fa91
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48310 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/04/07/1
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/79852
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52345 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73779

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B8E4E4-7245-44B4-AF75-B062F9D301DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "41DFE1F2-10EF-45D5-98AE-8F1BB66B69C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "62D964F5-4D09-4391-A77D-3C5DF1813B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9E3F30F7-2E62-4689-93CD-7C7A6B764649",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "7095E0C4-022C-4895-B6AF-9F0F114E8579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "5D7677E8-6C56-44F8-B21A-E56D743ED252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "53ABE095-A9C5-44FC-B8FC-F4BD68797325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "721B5811-C368-42D2-90CC-61F1A865B1D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1227821-B0BC-43F1-9BCB-7C74A9C73F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D733D0E-2E28-4110-9F79-39245753E710",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B18EA857-F2B5-4836-8EC6-E3A710561D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB517CC-86A7-4FE2-BB4E-0BD7746CE8AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2632BCA0-C4F5-42D3-9B70-E72DCE5350BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C00856-B6A6-44E0-9432-ABC94B933B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "875CC57E-3955-4FD6-9658-9D4972979301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D84A9B-A7C8-43AE-BB27-171F24C1023D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A185B180-5499-4995-A1EE-76C1E9DA2F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B4B3E6-3838-417A-981A-34D2D2DB4AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C50884-F31B-4853-B32B-E22210715E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A074A39D-38E1-4AAD-8370-0D294B79E330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34C0E4A-134A-4917-B72F-040CBAA5EDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "78880127-FE7F-4D9E-AE1B-25C640857AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "76185438-5E76-4858-B008-B0653C1F0A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-3.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "9A246130-B69E-421A-AC6F-12097AA1E86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "12966C58-498A-49E6-858E-FEF5819BD28B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "4E0CC773-05FF-4664-A096-9392C64E5B8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "31898A33-BDF6-4F06-9C7C-468ADFCC9714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "A3099A58-3B76-4C22-92E5-71850900C5E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "B4922773-2342-4DD3-8894-8A12B2FC1858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "6F563BBA-6055-4D7D-B421-2C9D7A1163EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "91C229BF-460B-45C7-9E94-33502C86D1CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.3:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9B1FB719-0FDF-4D11-8BC4-DC2C6F8C77AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "14B51727-A0E3-4E87-B567-396ECF2D41A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C8014E-B61C-4035-9AE2-73B70FD79375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC79D42-9A31-4BC9-9991-89E87C7DC804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "91379C1E-361A-46AC-9B33-5F9A975DBD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8304508-EF8F-49B8-AA1D-78B43C62AFE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "037BBFFF-C545-425B-B5A5-CA247B6471DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B87A41-9A74-4703-8AD8-F2B4A6A4FD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968E03E-3180-48CA-A314-FCE19BF6F1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEDD6853-4521-4D7B-AE94-6DC4013E101B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2556E664-7D44-4528-B68A-2955A6899E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "67F1070E-501B-44DA-9B0B-502149929252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:7.x-3.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "8B99BE46-9927-40FF-B208-24C99763D120",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en components/select.inc en el m\u00f3dulo Webform  v6.x-3.x antes de v6.x-3.17 y v7.x-3.x antes de v7.x-3.17 para Drupal, cuando el m\u00f3dulo \"Select (or other)\" est\u00e1 habilitado, permite a usuarios autenticados remotamente con permisos de creaci\u00f3n de contenidos webform, inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con (1) casillas de verificaci\u00f3n o (2) botones radio."
    }
  ],
  "id": "CVE-2012-1660",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-18T20:55:02.193",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1472178"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1472180"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1472214"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://drupalcode.org/project/webform.git/commit/90af819"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48310"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/79852"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/52345"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1472178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/1472180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/1472214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/project/webform.git/commit/90af819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/48310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/79852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/52345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4532

Vulnerability from fkie_nvd - Published: 2009-12-31 19:30 - Updated: 2025-04-09 00:30
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
Impacted products
Vendor Product Version
nathan_haug webform * (up to and including 5.x-2.7)
nathan_haug webform * (up to and including 6.x-2.7)
nathan_haug webform 5.x-1.2
nathan_haug webform 5.x-1.3
nathan_haug webform 5.x-1.4
nathan_haug webform 5.x-1.5
nathan_haug webform 5.x-1.6
nathan_haug webform 5.x-1.7
nathan_haug webform 5.x-1.8
nathan_haug webform 5.x-1.9
nathan_haug webform 5.x-1.10
nathan_haug webform 5.x-1.x-dev
nathan_haug webform 5.x-2.0
nathan_haug webform 5.x-2.0-beta0
nathan_haug webform 5.x-2.0-beta1
nathan_haug webform 5.x-2.0-beta2
nathan_haug webform 5.x-2.0-beta3
nathan_haug webform 5.x-2.1
nathan_haug webform 5.x-2.1.1
nathan_haug webform 5.x-2.1.2
nathan_haug webform 5.x-2.1.3
nathan_haug webform 5.x-2.2
nathan_haug webform 5.x-2.3
nathan_haug webform 5.x-2.4
nathan_haug webform 5.x-2.5
nathan_haug webform 5.x-2.6
nathan_haug webform 5.x-2.x-dev
nathan_haug webform 6.x-2.0-beta1
nathan_haug webform 6.x-2.0-beta2
nathan_haug webform 6.x-2.0-beta3
nathan_haug webform 6.x-2.0-beta4
nathan_haug webform 6.x-2.0-beta5
nathan_haug webform 6.x-2.0-beta6
nathan_haug webform 6.x-2.1
nathan_haug webform 6.x-2.1-1
nathan_haug webform 6.x-2.1.2
nathan_haug webform 6.x-2.1.3
nathan_haug webform 6.x-2.2
nathan_haug webform 6.x-2.3
nathan_haug webform 6.x-2.4
nathan_haug webform 6.x-2.5
nathan_haug webform 6.x-2.6
nathan_haug webform 6.x-2.x-dev
drupal drupal *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3173583-D6A5-4858-850A-0F35965D806C",
              "versionEndIncluding": "5.x-2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB9D43-9771-4076-863F-D88320358A8D",
              "versionEndIncluding": "6.x-2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE98470-E90E-4B02-BF9C-8A77A2F37FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E086ED5-4F81-4E2B-8C26-2C0FD5ACF012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAFC48B-628B-4BE5-8075-5195DCA62239",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C35363-1F35-4C86-AB17-B4B83FA327AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F8DDFD-D995-4994-BFAB-8A79197946A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF015C66-674F-4E30-8965-A29E9DDBDBD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C85D90-5718-43F6-9A21-BC1C7FBB4660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD2F6BBA-9583-4A6E-8BD7-9C9137BDF7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CF5C6D-2519-4E3A-A3F0-37363A78665D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3BC389-6C64-4F81-B81A-969ED7548741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F6BA05-5FD1-47CD-85B7-C6757399FC98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA566E25-C5BC-489E-84FD-EB00D1C088FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC6C9BC-6029-4EAA-B956-5C1DFC330690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3B4489-5E0C-4425-845F-713F3FDE14A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB71D04-20DE-4E4C-982D-45E915678EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7874ADFF-597A-44F7-BA75-99BFA7A2FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F80B58-AA5B-4225-ABED-B9B28F989DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FEE16F2-DF33-454E-BF2A-919EDC3C39EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA838C52-6DA7-469F-ADCC-2A40375E97C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C414AAB2-881F-4B3B-BAD2-8A790E4ACD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF5E53D-AC18-4F79-8372-57210AC95B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBF83B-494B-4206-8F86-883F0C107D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8589A46-A370-4F3D-AD4B-6979CB253611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FD41A8-FA49-40D4-BF68-2B82A8B1D01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "27555BCB-6CD2-45B6-9F30-3918D31D582A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9F21B7-3B5F-46AA-9BCC-27C4A8EC10EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2116A457-4B84-48D3-95E9-36F0713FE660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A5E7E4-277A-4D28-BC2B-C7413501A886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F0F162-9ED2-413F-AA62-D66BA8781B3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C2055E-DE93-46EF-A17A-B81E287A5464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC8A0D6-73D9-4635-BB25-7F9C550074A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3EA1E3-49D5-4F34-9A4E-64919876A325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3641571E-5135-48B9-9BE0-9A4B80A6FD8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A0E2-9DB0-456E-B19B-8C25B970DC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "783AA635-7F88-4DEB-806F-E63C50A2F509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "930832D2-A7A3-477D-94F0-10879C951E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D074D5-35C6-4250-8483-5B2C2D9CDC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA94879-0671-43F8-A0D8-433A659B0FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0A31AF-E2CD-46ED-B238-C39589A4C791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4482C777-21D6-4E63-841B-7AD866956C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DFF727-D2ED-4784-84A1-B73DF5093015",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en el m\u00f3dulo para Drupal Webform v5.x anterior a v5.x-2.8 y v6.x anterior a v6.x-2.8, permite a usuarios autenticados remotamente, con privilegio de creaci\u00f3n en webform, inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo \"label\"."
    }
  ],
  "id": "CVE-2009-4532",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-31T19:30:00.703",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/604942"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/58945"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37021"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36708"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2923"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/604942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4533

Vulnerability from fkie_nvd - Published: 2009-12-31 19:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
Impacted products
Vendor Product Version
nathan_haug webform * (up to and including 5.x-2.7)
nathan_haug webform * (up to and including 6.x-2.7)
nathan_haug webform 5.x-1.2
nathan_haug webform 5.x-1.3
nathan_haug webform 5.x-1.4
nathan_haug webform 5.x-1.5
nathan_haug webform 5.x-1.6
nathan_haug webform 5.x-1.7
nathan_haug webform 5.x-1.8
nathan_haug webform 5.x-1.9
nathan_haug webform 5.x-1.10
nathan_haug webform 5.x-1.x-dev
nathan_haug webform 5.x-2.0
nathan_haug webform 5.x-2.0-beta0
nathan_haug webform 5.x-2.0-beta1
nathan_haug webform 5.x-2.0-beta2
nathan_haug webform 5.x-2.0-beta3
nathan_haug webform 5.x-2.1
nathan_haug webform 5.x-2.1.1
nathan_haug webform 5.x-2.1.2
nathan_haug webform 5.x-2.1.3
nathan_haug webform 5.x-2.2
nathan_haug webform 5.x-2.3
nathan_haug webform 5.x-2.4
nathan_haug webform 5.x-2.5
nathan_haug webform 5.x-2.6
nathan_haug webform 5.x-2.x-dev
nathan_haug webform 6.x-2.0-beta1
nathan_haug webform 6.x-2.0-beta2
nathan_haug webform 6.x-2.0-beta3
nathan_haug webform 6.x-2.0-beta4
nathan_haug webform 6.x-2.0-beta5
nathan_haug webform 6.x-2.0-beta6
nathan_haug webform 6.x-2.1
nathan_haug webform 6.x-2.1-1
nathan_haug webform 6.x-2.1.2
nathan_haug webform 6.x-2.1.3
nathan_haug webform 6.x-2.2
nathan_haug webform 6.x-2.3
nathan_haug webform 6.x-2.4
nathan_haug webform 6.x-2.5
nathan_haug webform 6.x-2.6
nathan_haug webform 6.x-2.x-dev
drupal drupal *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3173583-D6A5-4858-850A-0F35965D806C",
              "versionEndIncluding": "5.x-2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB9D43-9771-4076-863F-D88320358A8D",
              "versionEndIncluding": "6.x-2.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE98470-E90E-4B02-BF9C-8A77A2F37FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E086ED5-4F81-4E2B-8C26-2C0FD5ACF012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAFC48B-628B-4BE5-8075-5195DCA62239",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C35363-1F35-4C86-AB17-B4B83FA327AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F8DDFD-D995-4994-BFAB-8A79197946A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF015C66-674F-4E30-8965-A29E9DDBDBD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C85D90-5718-43F6-9A21-BC1C7FBB4660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD2F6BBA-9583-4A6E-8BD7-9C9137BDF7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CF5C6D-2519-4E3A-A3F0-37363A78665D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3BC389-6C64-4F81-B81A-969ED7548741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F6BA05-5FD1-47CD-85B7-C6757399FC98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA566E25-C5BC-489E-84FD-EB00D1C088FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC6C9BC-6029-4EAA-B956-5C1DFC330690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C3B4489-5E0C-4425-845F-713F3FDE14A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0-beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB71D04-20DE-4E4C-982D-45E915678EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7874ADFF-597A-44F7-BA75-99BFA7A2FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96F80B58-AA5B-4225-ABED-B9B28F989DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FEE16F2-DF33-454E-BF2A-919EDC3C39EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA838C52-6DA7-469F-ADCC-2A40375E97C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C414AAB2-881F-4B3B-BAD2-8A790E4ACD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF5E53D-AC18-4F79-8372-57210AC95B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBF83B-494B-4206-8F86-883F0C107D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8589A46-A370-4F3D-AD4B-6979CB253611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FD41A8-FA49-40D4-BF68-2B82A8B1D01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "27555BCB-6CD2-45B6-9F30-3918D31D582A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9F21B7-3B5F-46AA-9BCC-27C4A8EC10EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2116A457-4B84-48D3-95E9-36F0713FE660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A5E7E4-277A-4D28-BC2B-C7413501A886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F0F162-9ED2-413F-AA62-D66BA8781B3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C2055E-DE93-46EF-A17A-B81E287A5464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC8A0D6-73D9-4635-BB25-7F9C550074A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3EA1E3-49D5-4F34-9A4E-64919876A325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3641571E-5135-48B9-9BE0-9A4B80A6FD8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A0E2-9DB0-456E-B19B-8C25B970DC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "783AA635-7F88-4DEB-806F-E63C50A2F509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "930832D2-A7A3-477D-94F0-10879C951E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D074D5-35C6-4250-8483-5B2C2D9CDC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA94879-0671-43F8-A0D8-433A659B0FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0A31AF-E2CD-46ED-B238-C39589A4C791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4482C777-21D6-4E63-841B-7AD866956C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.x-dev:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0DFF727-D2ED-4784-84A1-B73DF5093015",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Webform v5.x anteriores a v5.x-2.8 y v6.x anteriores a v6.x-2.8, un m\u00f3dulo para Drupal, no evita el almacenamiento en cach\u00e9 de una p\u00e1gina que contiene una variable token con un valor por defecto, permitiendo a atacantes remotos leer variables de sesi\u00f3n mediante vectores no especificados."
    }
  ],
  "id": "CVE-2009-4533",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-31T19:30:00.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/604920"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/604922"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/604942"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/58946"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36708"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2923"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/604920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/604922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/604942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/58946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36708"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2923"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-4207

Vulnerability from fkie_nvd - Published: 2009-12-04 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AE98470-E90E-4B02-BF9C-8A77A2F37FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E086ED5-4F81-4E2B-8C26-2C0FD5ACF012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAFC48B-628B-4BE5-8075-5195DCA62239",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F8DDFD-D995-4994-BFAB-8A79197946A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF015C66-674F-4E30-8965-A29E9DDBDBD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C85D90-5718-43F6-9A21-BC1C7FBB4660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD2F6BBA-9583-4A6E-8BD7-9C9137BDF7AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CF5C6D-2519-4E3A-A3F0-37363A78665D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-1.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "0FED676C-3806-413D-8DC0-5609EC8E0665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06F6BA05-5FD1-47CD-85B7-C6757399FC98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "57A6760D-4D7E-43C6-8208-79ADFC675CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0:beta_2:*:*:*:*:*:*",
              "matchCriteriaId": "88EDA037-DCAE-40EA-9EC2-EFF5B8AF8005",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.0:beta_3:*:*:*:*:*:*",
              "matchCriteriaId": "7BC4AA1F-FAD9-44B9-8C07-EB8E44B1866E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7874ADFF-597A-44F7-BA75-99BFA7A2FE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3919BE-4F73-49BF-B598-6538403BA61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FEE16F2-DF33-454E-BF2A-919EDC3C39EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA838C52-6DA7-469F-ADCC-2A40375E97C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C414AAB2-881F-4B3B-BAD2-8A790E4ACD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BF5E53D-AC18-4F79-8372-57210AC95B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEBF83B-494B-4206-8F86-883F0C107D6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8589A46-A370-4F3D-AD4B-6979CB253611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FD41A8-FA49-40D4-BF68-2B82A8B1D01E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-2.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "07065B63-E844-417E-B249-8722E6D71EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:5.x-5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25A75395-586B-45EE-A2D5-93846D0815DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "91B75882-7B8A-4356-9339-6835705C4946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "5FB644B9-0A46-4243-B7A6-02BECB300311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "02122520-C439-4612-B117-8744DD3C8E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "816ECE4A-8391-4899-931D-B22371F8E46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "953AE0F8-B7D8-49FB-B06C-A164CEA7B5FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.0-:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "8FED8D35-6A23-433E-85D9-00CA50DE194B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3EA1E3-49D5-4F34-9A4E-64919876A325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3641571E-5135-48B9-9BE0-9A4B80A6FD8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A0E2-9DB0-456E-B19B-8C25B970DC87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "783AA635-7F88-4DEB-806F-E63C50A2F509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "930832D2-A7A3-477D-94F0-10879C951E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D074D5-35C6-4250-8483-5B2C2D9CDC61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA94879-0671-43F8-A0D8-433A659B0FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0A31AF-E2CD-46ED-B238-C39589A4C791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4482C777-21D6-4E63-841B-7AD866956C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nathan_haug:webform:6.x-2.x:dev:*:*:*:*:*:*",
              "matchCriteriaId": "8193708B-0118-4F5D-A1A7-0EEB79F5E255",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Webform versiones v5.x anteriores a v5.x-2.7 y v6.x anteriores a v6.x-2.7, un m\u00f3dulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante un env\u00edo de formulario."
    }
  ],
  "id": "CVE-2009-4207",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-04T19:30:00.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/481258"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/481260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/481268"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35339"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/481258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://drupal.org/node/481260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://drupal.org/node/481268"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35197"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-2129 (GCVE-0-2013-2129)

Vulnerability from cvelistv5 – Published: 2013-06-24 16:13 – Updated: 2024-08-06 15:27
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/60218 vdb-entry, x_refsource_BID
https://drupal.org/node/2007460 x_refsource_MISC
https://drupal.org/node/2007390 x_refsource_CONFIRM
http://osvdb.org/93749 vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/84628 vdb-entry, x_refsource_XF
http://secunia.com/advisories/53184 third-party-advisory, x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:40.724Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60218"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2007460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2007390"
          },
          {
            "name": "93749",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93749"
          },
          {
            "name": "drupal-webform-cve20132129-label-xss(84628)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
          },
          {
            "name": "53184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53184"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60218"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2007460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2007390"
        },
        {
          "name": "93749",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93749"
        },
        {
          "name": "drupal-webform-cve20132129-label-xss(84628)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
        },
        {
          "name": "53184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60218"
            },
            {
              "name": "https://drupal.org/node/2007460",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2007460"
            },
            {
              "name": "https://drupal.org/node/2007390",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2007390"
            },
            {
              "name": "93749",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93749"
            },
            {
              "name": "drupal-webform-cve20132129-label-xss(84628)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
            },
            {
              "name": "53184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2129",
    "datePublished": "2013-06-24T16:13:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:40.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1660 (GCVE-0-2012-1660)

Vulnerability from cvelistv5 – Published: 2012-09-18 20:00 – Updated: 2024-08-06 19:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1472180"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1472178"
          },
          {
            "name": "52345",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52345"
          },
          {
            "name": "48310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48310"
          },
          {
            "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
          },
          {
            "name": "79852",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/79852"
          },
          {
            "name": "drupal-webform-unspecified-xss-var2(73779)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/webform.git/commit/90af819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1472214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1472180"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1472178"
        },
        {
          "name": "52345",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52345"
        },
        {
          "name": "48310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48310"
        },
        {
          "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
        },
        {
          "name": "79852",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/79852"
        },
        {
          "name": "drupal-webform-unspecified-xss-var2(73779)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/webform.git/commit/90af819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1472214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://drupal.org/node/1472180",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1472180"
            },
            {
              "name": "http://drupal.org/node/1472178",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1472178"
            },
            {
              "name": "52345",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52345"
            },
            {
              "name": "48310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48310"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "http://drupalcode.org/project/webform.git/commit/917fa91",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
            },
            {
              "name": "79852",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/79852"
            },
            {
              "name": "drupal-webform-unspecified-xss-var2(73779)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
            },
            {
              "name": "http://drupalcode.org/project/webform.git/commit/90af819",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/webform.git/commit/90af819"
            },
            {
              "name": "http://drupal.org/node/1472214",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1472214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1660",
    "datePublished": "2012-09-18T20:00:00",
    "dateReserved": "2012-03-12T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4533 (GCVE-0-2009-4533)

Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
Summary
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/36708 vdb-entry, x_refsource_BID
http://secunia.com/advisories/37021 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2923 vdb-entry, x_refsource_VUPEN
http://drupal.org/node/604920 x_refsource_CONFIRM
http://drupal.org/node/604942 x_refsource_CONFIRM
http://drupal.org/node/604922 x_refsource_CONFIRM
http://osvdb.org/58946 vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/53797 vdb-entry, x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:37.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36708",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36708"
          },
          {
            "name": "37021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37021"
          },
          {
            "name": "ADV-2009-2923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604920"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604922"
          },
          {
            "name": "58946",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58946"
          },
          {
            "name": "drupal-webform-cache-info-disclosure(53797)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36708",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36708"
        },
        {
          "name": "37021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37021"
        },
        {
          "name": "ADV-2009-2923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604920"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604922"
        },
        {
          "name": "58946",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58946"
        },
        {
          "name": "drupal-webform-cache-info-disclosure(53797)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36708",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36708"
            },
            {
              "name": "37021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37021"
            },
            {
              "name": "ADV-2009-2923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2923"
            },
            {
              "name": "http://drupal.org/node/604920",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604920"
            },
            {
              "name": "http://drupal.org/node/604942",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604942"
            },
            {
              "name": "http://drupal.org/node/604922",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604922"
            },
            {
              "name": "58946",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58946"
            },
            {
              "name": "drupal-webform-cache-info-disclosure(53797)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4533",
    "datePublished": "2009-12-31T19:00:00",
    "dateReserved": "2009-12-31T00:00:00",
    "dateUpdated": "2024-08-07T07:08:37.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4532 (GCVE-0-2009-4532)

Vulnerability from cvelistv5 – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/36708 vdb-entry, x_refsource_BID
http://secunia.com/advisories/37021 third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/58945 vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2009/2923 vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/53796 vdb-entry, x_refsource_XF
http://drupal.org/node/604942 x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:37.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36708",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36708"
          },
          {
            "name": "37021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37021"
          },
          {
            "name": "58945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58945"
          },
          {
            "name": "ADV-2009-2923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2923"
          },
          {
            "name": "drupal-webform-labels-xss(53796)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36708",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36708"
        },
        {
          "name": "37021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37021"
        },
        {
          "name": "58945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58945"
        },
        {
          "name": "ADV-2009-2923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2923"
        },
        {
          "name": "drupal-webform-labels-xss(53796)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36708",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36708"
            },
            {
              "name": "37021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37021"
            },
            {
              "name": "58945",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58945"
            },
            {
              "name": "ADV-2009-2923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2923"
            },
            {
              "name": "drupal-webform-labels-xss(53796)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
            },
            {
              "name": "http://drupal.org/node/604942",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4532",
    "datePublished": "2009-12-31T19:00:00",
    "dateReserved": "2009-12-31T00:00:00",
    "dateUpdated": "2024-08-07T07:08:37.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4207 (GCVE-0-2009-4207)

Vulnerability from cvelistv5 – Published: 2009-12-04 19:00 – Updated: 2024-09-16 19:21
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/35197 vdb-entry, x_refsource_BID
http://drupal.org/node/481268 x_refsource_CONFIRM
http://secunia.com/advisories/35339 third-party-advisory, x_refsource_SECUNIA
http://drupal.org/node/481258 x_refsource_CONFIRM
http://drupal.org/node/481260 x_refsource_CONFIRM

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35197",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35197"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/481268"
          },
          {
            "name": "35339",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35339"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/481258"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/481260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-12-04T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35197",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35197"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/481268"
        },
        {
          "name": "35339",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35339"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/481258"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/481260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35197",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35197"
            },
            {
              "name": "http://drupal.org/node/481268",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/481268"
            },
            {
              "name": "35339",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35339"
            },
            {
              "name": "http://drupal.org/node/481258",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/481258"
            },
            {
              "name": "http://drupal.org/node/481260",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/481260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4207",
    "datePublished": "2009-12-04T19:00:00Z",
    "dateReserved": "2009-12-04T00:00:00Z",
    "dateUpdated": "2024-09-16T19:21:01.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2129 (GCVE-0-2013-2129)

Vulnerability from nvd – Published: 2013-06-24 16:13 – Updated: 2024-08-06 15:27
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/60218 vdb-entry, x_refsource_BID
https://drupal.org/node/2007460 x_refsource_MISC
https://drupal.org/node/2007390 x_refsource_CONFIRM
http://osvdb.org/93749 vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/84628 vdb-entry, x_refsource_XF
http://secunia.com/advisories/53184 third-party-advisory, x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:40.724Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "60218",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/60218"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2007460"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://drupal.org/node/2007390"
          },
          {
            "name": "93749",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93749"
          },
          {
            "name": "drupal-webform-cve20132129-label-xss(84628)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
          },
          {
            "name": "53184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53184"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "60218",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/60218"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://drupal.org/node/2007460"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://drupal.org/node/2007390"
        },
        {
          "name": "93749",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93749"
        },
        {
          "name": "drupal-webform-cve20132129-label-xss(84628)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
        },
        {
          "name": "53184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the \"edit own webform content\" or \"edit all webform content\" permissions to inject arbitrary web script or HTML via a component label."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "60218",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/60218"
            },
            {
              "name": "https://drupal.org/node/2007460",
              "refsource": "MISC",
              "url": "https://drupal.org/node/2007460"
            },
            {
              "name": "https://drupal.org/node/2007390",
              "refsource": "CONFIRM",
              "url": "https://drupal.org/node/2007390"
            },
            {
              "name": "93749",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93749"
            },
            {
              "name": "drupal-webform-cve20132129-label-xss(84628)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84628"
            },
            {
              "name": "53184",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2129",
    "datePublished": "2013-06-24T16:13:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:40.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-1660 (GCVE-0-2012-1660)

Vulnerability from nvd – Published: 2012-09-18 20:00 – Updated: 2024-08-06 19:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:01:02.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1472180"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1472178"
          },
          {
            "name": "52345",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52345"
          },
          {
            "name": "48310",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48310"
          },
          {
            "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
          },
          {
            "name": "79852",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/79852"
          },
          {
            "name": "drupal-webform-unspecified-xss-var2(73779)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupalcode.org/project/webform.git/commit/90af819"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/1472214"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1472180"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/1472178"
        },
        {
          "name": "52345",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52345"
        },
        {
          "name": "48310",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48310"
        },
        {
          "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
        },
        {
          "name": "79852",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/79852"
        },
        {
          "name": "drupal-webform-unspecified-xss-var2(73779)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupalcode.org/project/webform.git/commit/90af819"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://drupal.org/node/1472214"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the \"Select (or other)\" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://drupal.org/node/1472180",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1472180"
            },
            {
              "name": "http://drupal.org/node/1472178",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/1472178"
            },
            {
              "name": "52345",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52345"
            },
            {
              "name": "48310",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48310"
            },
            {
              "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
            },
            {
              "name": "http://drupalcode.org/project/webform.git/commit/917fa91",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/webform.git/commit/917fa91"
            },
            {
              "name": "79852",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/79852"
            },
            {
              "name": "drupal-webform-unspecified-xss-var2(73779)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73779"
            },
            {
              "name": "http://drupalcode.org/project/webform.git/commit/90af819",
              "refsource": "CONFIRM",
              "url": "http://drupalcode.org/project/webform.git/commit/90af819"
            },
            {
              "name": "http://drupal.org/node/1472214",
              "refsource": "MISC",
              "url": "http://drupal.org/node/1472214"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1660",
    "datePublished": "2012-09-18T20:00:00",
    "dateReserved": "2012-03-12T00:00:00",
    "dateUpdated": "2024-08-06T19:01:02.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4533 (GCVE-0-2009-4533)

Vulnerability from nvd – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
Summary
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/36708 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/37021 (third-party-advisory, x_refsource_SECUNIA)
http://www.vupen.com/english/advisories/2009/2923 (vdb-entry, x_refsource_VUPEN)
http://drupal.org/node/604920 (x_refsource_CONFIRM)
http://drupal.org/node/604942 (x_refsource_CONFIRM)
http://drupal.org/node/604922 (x_refsource_CONFIRM)
http://osvdb.org/58946 (vdb-entry, x_refsource_OSVDB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53797 (vdb-entry, x_refsource_XF)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:37.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36708",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36708"
          },
          {
            "name": "37021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37021"
          },
          {
            "name": "ADV-2009-2923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2923"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604920"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604942"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604922"
          },
          {
            "name": "58946",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58946"
          },
          {
            "name": "drupal-webform-cache-info-disclosure(53797)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36708",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36708"
        },
        {
          "name": "37021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37021"
        },
        {
          "name": "ADV-2009-2923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2923"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604920"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604942"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604922"
        },
        {
          "name": "58946",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58946"
        },
        {
          "name": "drupal-webform-cache-info-disclosure(53797)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4533",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36708",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36708"
            },
            {
              "name": "37021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37021"
            },
            {
              "name": "ADV-2009-2923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2923"
            },
            {
              "name": "http://drupal.org/node/604920",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604920"
            },
            {
              "name": "http://drupal.org/node/604942",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604942"
            },
            {
              "name": "http://drupal.org/node/604922",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604922"
            },
            {
              "name": "58946",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58946"
            },
            {
              "name": "drupal-webform-cache-info-disclosure(53797)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53797"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4533",
    "datePublished": "2009-12-31T19:00:00",
    "dateReserved": "2009-12-31T00:00:00",
    "dateUpdated": "2024-08-07T07:08:37.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4532 (GCVE-0-2009-4532)

Vulnerability from nvd – Published: 2009-12-31 19:00 – Updated: 2024-08-07 07:08
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/36708 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/37021 (third-party-advisory, x_refsource_SECUNIA)
http://osvdb.org/58945 (vdb-entry, x_refsource_OSVDB)
http://www.vupen.com/english/advisories/2009/2923 (vdb-entry, x_refsource_VUPEN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53796 (vdb-entry, x_refsource_XF)
http://drupal.org/node/604942 (x_refsource_CONFIRM)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:08:37.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36708",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36708"
          },
          {
            "name": "37021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37021"
          },
          {
            "name": "58945",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/58945"
          },
          {
            "name": "ADV-2009-2923",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2923"
          },
          {
            "name": "drupal-webform-labels-xss(53796)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/604942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36708",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36708"
        },
        {
          "name": "37021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37021"
        },
        {
          "name": "58945",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/58945"
        },
        {
          "name": "ADV-2009-2923",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2923"
        },
        {
          "name": "drupal-webform-labels-xss(53796)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/604942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4532",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36708",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36708"
            },
            {
              "name": "37021",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37021"
            },
            {
              "name": "58945",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/58945"
            },
            {
              "name": "ADV-2009-2923",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2923"
            },
            {
              "name": "drupal-webform-labels-xss(53796)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53796"
            },
            {
              "name": "http://drupal.org/node/604942",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/604942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4532",
    "datePublished": "2009-12-31T19:00:00",
    "dateReserved": "2009-12-31T00:00:00",
    "dateUpdated": "2024-08-07T07:08:37.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4207 (GCVE-0-2009-4207)

Vulnerability from nvd – Published: 2009-12-04 19:00 – Updated: 2024-09-16 19:21
Summary
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/35197 (vdb-entry, x_refsource_BID)
http://drupal.org/node/481268 (x_refsource_CONFIRM)
http://secunia.com/advisories/35339 (third-party-advisory, x_refsource_SECUNIA)
http://drupal.org/node/481258 (x_refsource_CONFIRM)
http://drupal.org/node/481260 (x_refsource_CONFIRM)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:09.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35197",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35197"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/481268"
          },
          {
            "name": "35339",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35339"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/481258"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://drupal.org/node/481260"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-12-04T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35197",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35197"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/481268"
        },
        {
          "name": "35339",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35339"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/481258"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://drupal.org/node/481260"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4207",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35197",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35197"
            },
            {
              "name": "http://drupal.org/node/481268",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/481268"
            },
            {
              "name": "35339",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35339"
            },
            {
              "name": "http://drupal.org/node/481258",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/481258"
            },
            {
              "name": "http://drupal.org/node/481260",
              "refsource": "CONFIRM",
              "url": "http://drupal.org/node/481260"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4207",
    "datePublished": "2009-12-04T19:00:00Z",
    "dateReserved": "2009-12-04T00:00:00Z",
    "dateUpdated": "2024-09-16T19:21:01.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}