VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1958

filefield: Cross-site scripting (XSS) vulnerability in the Fil...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1958

Original

Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-21

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-22

Affected Product Tags

cpe:/a:drupal:drupal

cpe:/a:quicksketch:filefield:5.x-1.x-dev

cpe:/a:quicksketch:filefield:5.x-2.0

cpe:/a:quicksketch:filefield:5.x-2.1

cpe:/a:quicksketch:filefield:5.x-2.2

cpe:/a:quicksketch:filefield:5.x-2.3

cpe:/a:quicksketch:filefield:5.x-2.3:rc2

cpe:/a:quicksketch:filefield:5.x-2.3:rc3

cpe:/a:quicksketch:filefield:5.x-2.3:rc4

cpe:/a:quicksketch:filefield:5.x-2.4

cpe:/a:quicksketch:filefield:5.x-2.x-dev

cpe:/a:quicksketch:filefield:6.x-1.0:alpha1

cpe:/a:quicksketch:filefield:6.x-1.0:alpha2

cpe:/a:quicksketch:filefield:6.x-1.0:alpha3

cpe:/a:quicksketch:filefield:6.x-1.0:beta1

cpe:/a:quicksketch:filefield:6.x-1.0:beta2

cpe:/a:quicksketch:filefield:6.x-1.0:beta3

cpe:/a:quicksketch:filefield:6.x-3.0

cpe:/a:quicksketch:filefield:6.x-3.0:alpha1

cpe:/a:quicksketch:filefield:6.x-3.0:alpha2

cpe:/a:quicksketch:filefield:6.x-3.0:alpha3

cpe:/a:quicksketch:filefield:6.x-3.0:alpha4

cpe:/a:quicksketch:filefield:6.x-3.0:alpha5

cpe:/a:quicksketch:filefield:6.x-3.0:alpha6

cpe:/a:quicksketch:filefield:6.x-3.0:alpha7

cpe:/a:quicksketch:filefield:6.x-3.0:beta1

cpe:/a:quicksketch:filefield:6.x-3.0:beta2

cpe:/a:quicksketch:filefield:6.x-3.0:beta3

cpe:/a:quicksketch:filefield:6.x-3.0:rc1

cpe:/a:quicksketch:filefield:6.x-3.1

cpe:/a:quicksketch:filefield:6.x-3.2

cpe:/a:quicksketch:filefield:6.x-3.3

cpe:/a:quicksketch:filefield:6.x-3.5

cpe:/a:quicksketch:filefield:6.x-3.x-dev

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 40923

CONFIRM http://drupal.org/node/829808

MISC http://www.madirish.net/?article=461

OSVDB 65611

SECUNIA 40186

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)

XF filefieldmodule-filepath-xss(59500)