This module enables you to build forms and surveys in Drupal.
The module doesn't sufficiently filter webform element properties (attributes) under the scenario of editing a webform. Malicious user could craft such an attribute (#element_validate, for example) that would invoke execution of undesired PHP code.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Edit own webform" (or "Edit any webform").