webform_multiple_file_upload_project CVE Vulnerabilities & Metrics

Focus on webform_multiple_file_upload_project vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About webform_multiple_file_upload_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with webform_multiple_file_upload_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total webform_multiple_file_upload_project CVEs: 1
Earliest CVE date: 15 Jun 2015, 14:59 UTC
Latest CVE date: 26 Nov 2025, 02:15 UTC

Latest CVE reference: CVE-2025-12848

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 3.4

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 1
4.0-6.9 1
7.0-8.9 0
9.0-10.0 0

Top 5 Highest CVSS webform_multiple_file_upload_project CVEs

These are the five CVEs with the highest CVSS scores for webform_multiple_file_upload_project, sorted first by severity and then by recency.

All CVEs for webform_multiple_file_upload_project

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g., "<img src=1 onerror=alert(document.domain)>") to a Webform node with a Multifile field where file type validation is disabled. This allows the execution of arbitrary scripts in the context of the victim's browser. The issue is present in a third-party library and has been addressed in a patch available at https://github.com/fyneworks/multifile/pull/44. Users are advised to apply the provided patch or update to a fixed version of the module.

Cross-site request forgery (CSRF) vulnerability in the Webform Multiple File Upload module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of certain users for requests that delete files via unspecified vectors.