CVE-2012-1660: XSS
First published: Tue Sep 18 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nathan Haug Webform | =6.x-3.0 | |
| Nathan Haug Webform | =6.x-3.0-beta1 | |
| Nathan Haug Webform | =6.x-3.0-beta2 | |
| Nathan Haug Webform | =6.x-3.0-beta3 | |
| Nathan Haug Webform | =6.x-3.0-beta4 | |
| Nathan Haug Webform | =6.x-3.0-beta5 | |
| Nathan Haug Webform | =6.x-3.0-beta6 | |
| Nathan Haug Webform | =6.x-3.1 | |
| Nathan Haug Webform | =6.x-3.2 | |
| Nathan Haug Webform | =6.x-3.3 | |
| Nathan Haug Webform | =6.x-3.4 | |
| Nathan Haug Webform | =6.x-3.5 | |
| Nathan Haug Webform | =6.x-3.6 | |
| Nathan Haug Webform | =6.x-3.7 | |
| Nathan Haug Webform | =6.x-3.8 | |
| Nathan Haug Webform | =6.x-3.9 | |
| Nathan Haug Webform | =6.x-3.10 | |
| Nathan Haug Webform | =6.x-3.11 | |
| Nathan Haug Webform | =6.x-3.12 | |
| Nathan Haug Webform | =6.x-3.13 | |
| Nathan Haug Webform | =6.x-3.14 | |
| Nathan Haug Webform | =6.x-3.15 | |
| Nathan Haug Webform | =6.x-3.16 | |
| Nathan Haug Webform | =6.x-3.x-dev | |
| Nathan Haug Webform | =7.x-3.0-beta2 | |
| Nathan Haug Webform | =7.x-3.0-beta3 | |
| Nathan Haug Webform | =7.x-3.0-beta4 | |
| Nathan Haug Webform | =7.x-3.0-beta5 | |
| Nathan Haug Webform | =7.x-3.0-beta6 | |
| Nathan Haug Webform | =7.x-3.0-beta7 | |
| Nathan Haug Webform | =7.x-3.0-beta8 | |
| Nathan Haug Webform | =7.x-3.3-beta1 | |
| Nathan Haug Webform | =7.x-3.4-beta1 | |
| Nathan Haug Webform | =7.x-3.6 | |
| Nathan Haug Webform | =7.x-3.7 | |
| Nathan Haug Webform | =7.x-3.8 | |
| Nathan Haug Webform | =7.x-3.9 | |
| Nathan Haug Webform | =7.x-3.10 | |
| Nathan Haug Webform | =7.x-3.11 | |
| Nathan Haug Webform | =7.x-3.12 | |
| Nathan Haug Webform | =7.x-3.13 | |
| Nathan Haug Webform | =7.x-3.15 | |
| Nathan Haug Webform | =7.x-3.16 | |
| Nathan Haug Webform | =7.x-3.x-dev | |
| Drupal Drupal |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://drupal.org/node/1472178
- http://drupal.org/node/1472180
- http://drupal.org/node/1472214
- http://drupalcode.org/project/webform.git/commit/90af819
- http://drupalcode.org/project/webform.git/commit/917fa91
- http://secunia.com/advisories/48310
- http://www.openwall.com/lists/oss-security/2012/04/07/1
- http://www.osvdb.org/79852
- http://www.securityfocus.com/bid/52345
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73779
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- vendor/nathan haug
- canonical/nathan haug webform
- version/nathan haug webform/6.x-3.0
- version/nathan haug webform/6.x-3.0-beta1
- version/nathan haug webform/6.x-3.0-beta2
- version/nathan haug webform/6.x-3.0-beta3
- version/nathan haug webform/6.x-3.0-beta4
- version/nathan haug webform/6.x-3.0-beta5
- version/nathan haug webform/6.x-3.0-beta6
- version/nathan haug webform/6.x-3.1
- version/nathan haug webform/6.x-3.2
- version/nathan haug webform/6.x-3.3
- version/nathan haug webform/6.x-3.4
- version/nathan haug webform/6.x-3.5
- version/nathan haug webform/6.x-3.6
- version/nathan haug webform/6.x-3.7
- version/nathan haug webform/6.x-3.8
- version/nathan haug webform/6.x-3.9
- version/nathan haug webform/6.x-3.10
- version/nathan haug webform/6.x-3.11
- version/nathan haug webform/6.x-3.12
- version/nathan haug webform/6.x-3.13
- version/nathan haug webform/6.x-3.14
- version/nathan haug webform/6.x-3.15
- version/nathan haug webform/6.x-3.16
- version/nathan haug webform/6.x-3.x-dev
- version/nathan haug webform/7.x-3.0-beta2
- version/nathan haug webform/7.x-3.0-beta3
- version/nathan haug webform/7.x-3.0-beta4
- version/nathan haug webform/7.x-3.0-beta5
- version/nathan haug webform/7.x-3.0-beta6
- version/nathan haug webform/7.x-3.0-beta7
- version/nathan haug webform/7.x-3.0-beta8
- version/nathan haug webform/7.x-3.3-beta1
- version/nathan haug webform/7.x-3.4-beta1
- version/nathan haug webform/7.x-3.6
- version/nathan haug webform/7.x-3.7
- version/nathan haug webform/7.x-3.8
- version/nathan haug webform/7.x-3.9
- version/nathan haug webform/7.x-3.10
- version/nathan haug webform/7.x-3.11
- version/nathan haug webform/7.x-3.12
- version/nathan haug webform/7.x-3.13
- version/nathan haug webform/7.x-3.15
- version/nathan haug webform/7.x-3.16
- version/nathan haug webform/7.x-3.x-dev
- vendor/drupal
- canonical/drupal drupal