6.x.1.x

DATE	CVE	VULNERABILITY TITLE	RISK
2012-12-03	CVE-2012-5538	Cross-Site Scripting vulnerability in Nathan Haug Filefield Sources Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. network high complexity nathan-haug drupal CWE-79	2.1