HNS MAIN FEED
Saturday, 05:37 EST
- Zero-day vulnerabilities in Firefox extensions discovered
- Three charged with Comcast.net hijacking
- Cloud computing security benefits, risks and recommendations
- Poisoned Google search results
- World’s first wireless USB external hard drive
- A look at Securitybyte & OWASP AppSec Asia Conference 2009
- Biggest threats to federal systems and critical infrastructure
- Are 64-bit Windows inherently safer?
- NSA on cyber attacks and Microsoft collaboration
- New books: ModSecurity, Snow Leopard, social Web applications
- Vulnerability in IBM SolidDB memory caching software
- Two arrested for Zbot Trojan
Drupal Webform Module HTML Injection and Information Disclosure Vulnerabilities
05 November 2009
Drupal is a web-based content manager. Webform is a Drupal module that is used to create questionnaires, contact forms, surveys, and other forms. The application is exposed to an HTML injection issue because the application fails to sufficiently sanitize user-supplied input passed through field labels, and an information disclosure issue because the application use token placeholders for a default value in a page cache. Webform version 6.x-2.8 and 5.x-2.8 are affected by this issue.
Ref: http://drupal.org/node/604942
09.44.89 - CVE: Not Available
Platform: Web Application
Ref: http://drupal.org/node/604942
09.44.89 - CVE: Not Available
Platform: Web Application