Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nathan_haug | webform | 6.x-3.14 |
| nathan_haug | webform | 6.x-3.5 |
| nathan_haug | webform | 6.x-3.3 |
| nathan_haug | webform | 6.x-3.4 |
| nathan_haug | webform | 6.x-3.15 |
| nathan_haug | webform | * |
| nathan_haug | webform | 6.x-3.11 |
| nathan_haug | webform | 6.x-3.7 |
| nathan_haug | webform | 6.x-3.0 |
| nathan_haug | webform | 6.x-3.17 |
| nathan_haug | webform | 6.x-3.16 |
| nathan_haug | webform | 6.x-3.9 |
| nathan_haug | webform | 6.x-3.12 |
| nathan_haug | webform | 6.x-3.x |
| nathan_haug | webform | 6.x-3.8 |
| nathan_haug | webform | 6.x-3.13 |
| nathan_haug | webform | 6.x-3.6 |
| nathan_haug | webform | 6.x-3.2 |
| nathan_haug | webform | 6.x-3.1 |
| nathan_haug | webform | 6.x-3.10 |
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nathan_haug | filefield_sources | 7.x-1.8 |
| nathan_haug | filefield_sources | 6.x-1.5 |
| nathan_haug | filefield_sources | 6.x-1.6 |
| nathan_haug | filefield_sources | 6.x-1.8 |
| nathan_haug | filefield_sources | 7.x-1.5 |
| nathan_haug | filefield_sources | 7.x-1.6 |
| nathan_haug | filefield_sources | 6.x-1.3 |
| nathan_haug | filefield_sources | 6.x-1.4 |
| nathan_haug | filefield_sources | 7.x-1.x |
| nathan_haug | filefield_sources | 6.x-1.2 |
| nathan_haug | filefield_sources | 7.x-1.4 |
| nathan_haug | filefield_sources | 6.x-1.0 |
| nathan_haug | filefield_sources | 6.x-1.1 |
| nathan_haug | filefield_sources | 7.x-1.2 |
| nathan_haug | filefield_sources | 7.x-1.7 |
| nathan_haug | filefield_sources | 6.x-1.7 |
| nathan_haug | filefield_sources | 7.x-1.3 |