CVE-2013-2129

Nathan Haug Webform < 6.x-3.18 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label.

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/93749

[Vendor Advisory] http://secunia.com/advisories/53184

[Vendor Advisory] https://drupal.org/node/2007390

[Vendor Advisory] https://drupal.org/node/2007460

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/84628

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/60218

Scores

EPSS 0.0039

EPSS Percentile 59.7%

Details

CWE

CWE-79

Status published

Products (27)

nathan_haug/webform < 6.x-3.18

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

nathan_haug/webform

... and 17 more

Published Jun 24, 2013

Tracked Since Feb 18, 2026