Webform - Moderately critical - Cross site scripting - SA-CONTRIB-2020-013

Project: WebformDate: 2020-May-06Security risk: Moderately critical 13∕25 AC:Basic/A:Admin/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross site scriptingDescription: The Webform module allows site builders to create forms.
The module doesn't sufficiently prevent malicious code from being render via an options elements (i.e select menu, checkboxes, radios, etc...) under the scenario where the site builder allows the raw option value to be displayed.
This vulnerability is mitigated by the fact that site builder must be allowed to build webform and select raw as the options element's submission display.Solution: Install the latest version:

Also see the Webform project page.Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2020-013