CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-4502
https://notcve.org/view.php?id=CVE-2013-4502
13 May 2014 — The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file. El módulo FileField Sources 6.x-1.x anterior a 6.x-1.9 y 7.x-1.x anterior a 7.x-1.9 para Drupal no comprueba debidamente permisos de archivos, lo que permite a usuarios remotos autenticados leer archivos arbitrarios al ajuntar un archivo. • http://seclists.org/oss-sec/2013/q4/210 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2012-5538
https://notcve.org/view.php?id=CVE-2012-5538
03 Dec 2012 — Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo FileField v6.x-1.x antes de v6.x-1.6 y v7.x-1.x antes de v7.x-1.6 para Drupal, cuando el campo tiene fuente "Referenci... • http://drupal.org/node/1789300 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •