CVE-2009-4990

Jrbcs Webform Report - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.

References (3)

[Vendor Advisory] http://drupal.org/node/540980

[Vendor Advisory] http://secunia.com/advisories/36181

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35953

Scores

EPSS 0.0025

EPSS Percentile 47.6%

Classification

CWE

CWE-79

Status published

Affected Products (14)

jrbcs/webform_report

n/a/n/a

Timeline

Published Aug 25, 2010

Tracked Since Feb 18, 2026