CVSS: 3.5, EPSS: 0%, CPEs: 9, EXPL: 0

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.

• http://drupal.org/node/711072
• http://drupal.org/node/711074
• http://drupal.org/node/717214
• http://osvdb.org/62405
• http://secunia.com/advisories/38633
• http://www.securityfocus.com/bid/38292
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56351

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')