CVE-2010-1958

Quicksketch Filefield - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).

References (6)

[Patch] http://drupal.org/node/829808

[Vendor Advisory] http://secunia.com/advisories/40186

[Various Sources] http://www.madirish.net/?article=461

[Patch] http://www.securityfocus.com/bid/40923

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/59500

[Third Party Advisory, VDB Entry] http://osvdb.org/65611

Scores

EPSS 0.0027

EPSS Percentile 50.1%

Classification

CWE

CWE-79

Status published

Affected Products (34)

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

quicksketch/filefield

... and 19 more

Timeline

Published Jun 21, 2010

Tracked Since Feb 18, 2026