Vulnerability Details CVE-2008-1794
Multiple cross-site scripting (XSS) vulnerabilities in the Webform Drupal module 5.x before 5.x-1.10, 5.x-2.x before 5.x-2.0-beta3, and 6.x before 6.x-1.0-beta3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://drupal.org/node/242053
- http://secunia.com/advisories/29633
- http://www.securityfocus.com/bid/28597
- http://www.vupen.com/english/advisories/2008/1081/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41617
- http://drupal.org/node/242053
- http://secunia.com/advisories/29633
- http://www.securityfocus.com/bid/28597
- http://www.vupen.com/english/advisories/2008/1081/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41617
Products affected by CVE-2008-1794
-
cpe:2.3:a:drupal:webform_module:5.x-1.0
-
cpe:2.3:a:drupal:webform_module:5.x-1.1
-
cpe:2.3:a:drupal:webform_module:5.x-1.2
-
cpe:2.3:a:drupal:webform_module:5.x-1.3
-
cpe:2.3:a:drupal:webform_module:5.x-1.4
-
cpe:2.3:a:drupal:webform_module:5.x-1.5
-
cpe:2.3:a:drupal:webform_module:5.x-1.6
-
cpe:2.3:a:drupal:webform_module:5.x-1.7
-
cpe:2.3:a:drupal:webform_module:5.x-1.8
-
cpe:2.3:a:drupal:webform_module:5.x-1.9
-
cpe:2.3:a:drupal:webform_module:5.x-2.0
-
cpe:2.3:a:drupal:webform_module:6.x-1.x-dev