CVE-2010-1958 Information
Share on:
Feb 14, 2021
cve
Description
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users with create or edit permissions and ‘Path to File’ or ‘URL to File’ display enabled to inject arbitrary web script or HTML via the file name (filepath parameter).
Reference
http://drupal.org/node/829808 http://osvdb.org/65611 http://secunia.com/advisories/40186 http://www.madirish.net/?article=461 http://www.securityfocus.com/bid/40923 https://exchange.xforce.ibmcloud.com/vulnerabilities/59500