Drupal · Drupal Webform Module · CVE-2008-1794
**Name of the Vulnerable Software and Affected Versions**
Webform Drupal module versions 5.x before 5.x-1.10
Webform Drupal module versions 5.x-2.x before 5.x-2.0-beta3
Webform Drupal module versions 6.x before 6.x-1.0-beta3
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities.
**Recommendations**
For Webform Drupal module versions 5.x before 5.x-1.10, update to version 5.x-1.10 or later.
For Webform Drupal module versions 5.x-2.x before 5.x-2.0-beta3, update to version 5.x-2.0-beta3 or later.
For Webform Drupal module versions 6.x before 6.x-1.0-beta3, update to version 6.x-1.0-beta3 or later.