Vulnerabilities > Nathan Haug > Filefield Sources > 6.x.1.x
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-12-03 | CVE-2012-5538 | Cross-Site Scripting vulnerability in Nathan Haug Filefield Sources Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | 2.1 |