webform 7.x-3.22

Install

Works with Drupal: 7.x

Using Composer to manage Drupal site dependencies

Downloads

Download tar.gz 133.43 KB

MD5: af8e64222a07a850b5d9d1798a1d1bb2

SHA-1: 56f81b4cbd4e00e6b3200a2ce7ab57654695f2a2

SHA-256: 2937bfcc6ab29312da15bdebfd719309558899db8cc914901a6b6497a7a87694

Download zip 168.83 KB

MD5: c8cc8c061146b93118fb75f7db811a77

SHA-1: cc3d7822707e1292081e4f73fc33f87789ad0662

SHA-256: 3fa69f1f3148ed4914f0a79efb16f89ecca672d41f5cda04457b43a2e28975ca

Release notes

This release of 7.x-3.x fixes one security issue. Updating is strongly recommended for all users of the 7.x-3.x branch. See SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) for details.

Security issue

When a webform is made available as a block, the node's title is used as the default block title. This title is not sufficiently sanitized, leading to a Cross Site Scripting (XSS) vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to administer blocks and create or edit webform nodes.

Changes since 7.x-3.21:

#SA-152635 by DanChadwick: Fixed default block title.

Created by: danchadwick
Created on: 3 Mar 2015 at 18:15 UTC
Last updated: 2 Aug 2018 at 04:56 UTC

7.x-3.22

Security update

Insecure

Unsupported

Other releases

7.x-3.31 - 21 May 2021
7.x-3.31-rc1 - 30 April 2021
7.x-3.30 - 31 January 2020
7.x-3.30-rc1 - 17 January 2020
7.x-3.29 - 11 December 2019
7.x-3.28 - 9 December 2019
7.x-3.28-rc1 - 25 November 2019
7.x-3.27 - 9 February 2017
7.x-3.27-rc1 - 26 January 2017
7.x-3.26 - 30 November 2016
7.x-3.26-rc1 - 16 November 2016
7.x-3.25 - 19 October 2016
7.x-3.24 - 2 April 2015
7.x-3.23 - 17 March 2015
7.x-3.22 - 3 March 2015
7.x-3.21 - 7 October 2014
7.x-3.20 - 12 February 2014
7.x-3.19 - 29 May 2013
7.x-3.18 - 13 May 2012
7.x-3.17 - 7 March 2012
7.x-3.16 - 27 February 2012
7.x-3.15 - 8 December 2011
7.x-3.13 - 31 August 2011
7.x-3.12 - 17 August 2011
7.x-3.11 - 18 May 2011
7.x-3.10 - 18 May 2011
7.x-3.9 - 6 March 2011
7.x-3.8 - 25 February 2011
7.x-3.7 - 24 February 2011
7.x-3.6 - 12 January 2011
7.x-3.4-beta1 - 20 October 2010
7.x-3.3-beta1 - 18 October 2010
7.x-3.0-beta8 - 26 August 2010
7.x-3.0-beta7 - 14 August 2010
7.x-3.0-beta6 - 21 June 2010
7.x-3.0-beta5 - 13 April 2010
7.x-3.0-beta4 - 3 April 2010
7.x-3.0-beta3 - 3 April 2010
7.x-3.0-beta2 - 13 March 2010
7.x-3.x-dev - 3 March 2010

View usage statistics for this release

webform 7.x-3.22

Install

Downloads

Release notes

Security issue

Other releases

News items

Our community

Documentation

Drupal code base

Governance of community