CVE-2010-1958

2010-06-2119:00:00

mitre

www.cve.org

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and ‘Path to File’ or ‘URL to File’ display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).

References

drupal.org/node/829808

osvdb.org/65611

secunia.com/advisories/40186

www.madirish.net/?article=461

www.securityfocus.com/bid/40923

exchange.xforce.ibmcloud.com/vulnerabilities/59500