Vulnerabilities
CVE-2025-12848 - XSS vulnerability when rendering filename in Webform Multiform
CVE ID : CVE-2025-12848 Published : Nov. 26, 2025, 2:15 a.m. | 47 minutes ago Description : Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g.,
Source: Telegram CVE Monitor