CVE-2012-5538

Cross-site scripting XSS vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...

CVE-2012-5538

The CVE-2012-5538 issue is a cross-site scripting (XSS) vulnerability in the Drupal FileField Sources module (versions 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.6). When the field uses the “Reference existing” source, remote authenticated users can inject arbitrary web script or HTML vi...

CVE-2012-5538

Cross-site scripting XSS vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...

SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)

The Drupal FileField module lets you upload files from your computer through a CCK field. The FileField Sources module expands on this ability by allowing you to select new or existing files through additional means. The FileField Sources module contains a persistent cross site scripting XSS...