This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Quicksketch | First view | 2010-06-21 |
| Product | Filefield | Last view | 2010-06-21 |
| Version | 5.x-2.3 | Type | Application |
| Update | rc4 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:quicksketch:filefield | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 2.1 | 2010-06-21 | CVE-2010-1958 | Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 65611 | FileField Module for Drupal filepath Parameter XSS |
