drupal6-webform

• Author: Miklos Vajna
• Vulnerable: 6.x_3.6-2
• Unaffected: 6.x_3.11-1nexon1

Justin Klein Keane has discovered multiple vulnerabilities in the Webform module for Drupal, which can be exploited by malicious users and malicious people to conduct script insertion attacks.

1. Input passed via the “name” parameter when submitting a new webform field is not properly sanitised in sites/all/modules/webform/includes/webform.report.inc before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires the “create webform content” or “administer nodes” permission.
2. Input passed via the filename when uploading a file through a webform is not properly sanitised in sites/all/modules/webform/components/file.inc before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed.

• Bug Tracker URL: http://bugs.frugalware.org/task/4499

CVEs:

• No CVE, see http://drupal.org/node/1161954.