RSS   Vulnerabilities for 'Filefield sources'   RSS

2014-05-13
 
CVE-2013-4502

CWE-264
 

 
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.

 
2012-12-03
 
CVE-2012-5538

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.

 

 >>> Vendor: Nathan haug 2 Products
Webform
Filefield sources


Copyright 2024, cxsecurity.com

 

Back to Top