SA-CONTRIB-2013-043 - MP3 Player - Cross Site Scripting (XSS)

This module enables you to easily enable a Flash MP3 Player on a CCK FileField. The module doesn't sufficiently filter user-supplied text from mp3 filenames. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a node with an mp3 filefield wi...