CVE-2012-1660

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.

🔗 References (20)

secalert@redhathttp://drupal.org/node/1472178
secalert@redhathttp://drupal.org/node/1472180
secalert@redhathttp://drupal.org/node/1472214
secalert@redhathttp://drupalcode.org/project/webform.git/commit/90af819
secalert@redhathttp://drupalcode.org/project/webform.git/commit/917fa91
secalert@redhathttp://secunia.com/advisories/48310
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/04/07/1
secalert@redhathttp://www.osvdb.org/79852
secalert@redhathttp://www.securityfocus.com/bid/52345
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/73779
af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/1472178
af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/1472180
af854a3a-2127-422b-91ae-364da2661108http://drupal.org/node/1472214
af854a3a-2127-422b-91ae-364da2661108http://drupalcode.org/project/webform.git/commit/90af819
af854a3a-2127-422b-91ae-364da2661108http://drupalcode.org/project/webform.git/commit/917fa91

Is Your Infrastructure Affected by CVE-2012-1660?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-1660

📅 Published

🔄 Last Modified

🔗 References (20)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-1660?