Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-06-21T19:00:00
Updated: 2024-08-07T02:17:13.738Z
Reserved: 2010-05-19T00:00:00
Link: CVE-2010-1958
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-06-21T19:30:01.943
Modified: 2024-11-21T01:15:33.760
Link: CVE-2010-1958
Redhat
No data.