NotCVE - vendor:"Ilya Ivanchenko" product:"Itweak Upload" version:"6.x-2.x-dev"

1 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0

CVE-2010-0697

https://notcve.org/view.php?id=CVE-2010-0697

23 Feb 2010 — Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo iTweak Upload v6.x-1.x anteriores a v6.x-1.2 y v6.x-2.x anteriores a v6.x-2.3 para Drupal permite a usuarios remotos autenticados, con permis... • http://drupal.org/node/711072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •