CVE-2010-0697

2010-02-23T15:30:00
ID CVE-2010-0697
Type cve
Reporter NVD
Modified 2017-08-16T21:32:04

Description

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.