Project: 
Calculation Fields
Date: 
2026-March-04
Security risk: 
Moderately critical 14 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: 
Cross-site Scripting
Affected versions: 
<1.0.4
CVE IDs: 
CVE-2026-3528
Description: 

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration.

The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting (XSS).

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: