Release info

Created by: budda
Created on: March 22, 2011 - 21:41
Last updated: March 23, 2011 - 18:58
Core compatibility: 6.x
Release type: Security update

Release notes

See SA-CONTRIB-2011-014 - Webform Block - Cross Site Scripting

The module does not properly sanitize some of its output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting (XSS) attack may lead to a malicious user gaining full administrative access.