Cross site scripting

2012-12-0321:55:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has “Reference existing” source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.

CPENameOperatorVersion
filefield_sourceseq6.120.10
filefield_sourceseq6.120.11
filefield_sourceseq6.120.12
filefield_sourceseq6.120.13
filefield_sourceseq6.120.14
filefield_sourceseq6.120.15
filefield_sourceseq6.x-1.x dev
filefield_sourceseq7.x-1.2 beta1
filefield_sourceseq7.120.13
filefield_sourceseq7.120.14

Name	Operator	Version
filefield_sources	eq	6.120.10
filefield_sources	eq	6.120.11
filefield_sources	eq	6.120.12
filefield_sources	eq	6.120.13
filefield_sources	eq	6.120.14
filefield_sources	eq	6.120.15
filefield_sources	eq	6.x-1.x dev
filefield_sources	eq	7.x-1.2 beta1
filefield_sources	eq	7.120.13
filefield_sources	eq	7.120.14