CVE-2010-1958
The CVE-2010-1958 issue affects Drupal’s FileField module (5.x before 5.x-2.5 and 6.x before 6.x-3.4). A remote authenticated user with create/edit permissions and an enabled Path to File/URL to File display can inject arbitrary script/HTML via the file name (filepath parameter), i.e., an XSS vul...