CVE-2010-1958

Sažetak

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).

Reference

http://drupal.org/node/829808
http://osvdb.org/65611
http://secunia.com/advisories/40186
http://www.madirish.net/?article=461
http://www.securityfocus.com/bid/40923
https://exchange.xforce.ibmcloud.com/vulnerabilities/59500

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

21-06-2010 - 19:30