CVE-2010-1958 Information

Description

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users with create or edit permissions and ‘Path to File’ or ‘URL to File’ display enabled to inject arbitrary web script or HTML via the file name (filepath parameter).

Reference

http://drupal.org/node/829808 http://osvdb.org/65611 http://secunia.com/advisories/40186 http://www.madirish.net/?article=461 http://www.securityfocus.com/bid/40923 https://exchange.xforce.ibmcloud.com/vulnerabilities/59500