CVE-2012-1660 in Webforminfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

03/12/2012

Disclosure

09/18/2012

Moderation

VulDB entry created

Entries

1: VDB-62330

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

3.5

EPSS

0.00458

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-1660
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-1660
CVE Details	https://www.cvedetails.com/cve/CVE-2012-1660/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!