CVE-2012-1660

Name of the Vulnerable Software and Affected Versions Drupal Webform module versions 6.x-3.x before 6.x-3.17 Drupal Webform module versions 7.x-3.x before 7.x-3.17

Description The issue affects the Webform module in Drupal, specifically in components/select.inc, when the "Select (or other)" module is enabled. It allows remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to checkboxes or radios.

Recommendations For Drupal Webform module version 6.x-3.x before 6.x-3.17, update to version 6.x-3.17 or later. For Drupal Webform module version 7.x-3.x before 7.x-3.17, update to version 7.x-3.17 or later.