Downloads
Download webform-6.x-3.22.tar.gz
137.68 KB
MD5: 138aae51fe4d5010b4baf02dcda15c74
SHA-1: 83440e33470652b725da9ac69161c457b4e44bad
SHA-256: 6c69c24957133b41166381e5dda452198aac88a276ba48753282b5e3c472a8e8
Download webform-6.x-3.22.zip
173.54 KB
MD5: 4d3226e670bbfbaf62e1675aa54607df
SHA-1: 818221a5ee9a8581667699c0ce50dffaac634428
SHA-256: 46665e8b1a83ebd8946dc0b172d293419c7f3f79883dfb82aa9c3933d03b75b6
Release notes
This release of 6.x-3.x fixes one security issue. Updating is strongly recommended for all Drupal 6 webform users.
See SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) for details.
Security issue
When a webform is made available as a block, the node's title is used as the default block title. This title is not sufficiently sanitized, leading to a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to administer blocks and create or edit webform nodes.
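The pattern described above, shown as an added illustration that is not Webform's source code: a node title copied into a default block title with and without encoding. All `example_*` function names are hypothetical, `example_check_plain()` stands in for Drupal 6's `check_plain()`, and the renderer assumes a block template that prints the subject as-is.

```php
<?php
// Added illustration, not code from the Webform module. All names are hypothetical.

// Stand-in for Drupal 6's check_plain(): HTML-encodes a plain-text string.
function example_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Before the fix: the node title becomes the default block title unchanged.
function example_block_view_unsafe($node) {
  return array('subject' => $node->title, 'content' => '<form method="post"></form>');
}

// After the fix: the title is encoded before it is used as the block title.
function example_block_view_safe($node) {
  return array(
    'subject' => example_check_plain($node->title),
    'content' => '<form method="post"></form>',
  );
}

// Assumption: the block template prints the subject without further escaping,
// so the module supplying the block is responsible for sanitizing it.
function example_render_block($block) {
  return '<div class="block"><h2>' . $block['subject'] . '</h2>'
    . $block['content'] . '</div>';
}

// Returns TRUE when no raw tag from the title survives into the heading.
function example_title_is_inert($html) {
  preg_match('#<h2>(.*?)</h2>#s', $html, $m);
  return strpos($m[1], '<') === FALSE;
}

// Constructed sample: a webform node whose title contains markup.
$node = new stdClass();
$node->title = 'Contact us <script>alert(1)</script>';

$unsafe = example_render_block(example_block_view_unsafe($node));
$safe = example_render_block(example_block_view_safe($node));

// Regression check a site could keep: compare both renderings of the heading.
var_dump(example_title_is_inert($unsafe));
var_dump(example_title_is_inert($safe));
print $safe . "\n";
```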
Changes since 6.x-3.21:
- #SA-152635 by DanChadwick: Fixed default block title.