Drupal Association members fund grants that make connections all over the world.
- Advisory ID: DRUPAL-SA-CONTRIB-2009-050
- Project: Webform report (third-party module)
- Version: All
- Date: 2009-Aug-5
- Security risk: Less critical
- Exploitable from: Remote
- Vulnerability: Cross site scripting
Webform report allows users to create simple, dynamic reports based on data collected by the webform module. When displaying the results of Webform submissions, the module does not properly escape user entered data, leading to a cross-site scripting (XSS) vulnerability.
- Webform report for Drupal 5.x
- Webform report for Drupal 6.x
Drupal core is not affected. If you do not use the contributed webform report module, there is nothing you need to do.
There is no solution available. Please disable the module and remove it from your server.
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.