Vulnerability Details CVE-2012-5538
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.6%
CVSS Severity
CVSS v2 Score 2.1
References
Products affected by CVE-2012-5538
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.0
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.1
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.2
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.3
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.4
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.5
-
cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.x
-
cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.2
-
cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.3
-
cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.4
-
cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.5
-
cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.x