Project
Date
Severity
Critical
Vulnerability
Cross Site Scripting
Affected versions
<7.x-1.7
Description
The Webform Multiple File Upload module allows users to upload multiple files on a Webform.
The module doesn't sufficiently escape filenames when displaying them, thereby exposing an XSS vulnerability.
This vulnerability is mitigated by the fact that an attacker must have access to a Webform that allows multiple file uploads.
Solution
Install the latest version.
If you use the Webform Multiple File Upload module for Drupal 7, upgrade to Webform Multiple File Upload 7.x-1.7.
Reported By
- Person
Fixed By
- Person
- Person
- Person
Coordinated By
- Person