2 matches found
CVE-2013-1971
The CVE-2013-1971 vulnerability concerns the Drupal 6.x MP3 Player contributed module. The issue is a cross-site scripting (XSS) flaw where remote authenticated users with certain permissions can inject arbitrary script/HTML via the MP3 filename, caused by insufficient filtering of user-supplied ...
SA-CONTRIB-2013-043 - MP3 Player - Cross Site Scripting (XSS)
This module enables you to easily enable a Flash MP3 Player on a CCK FileField. The module doesn't sufficiently filter user-supplied text from mp3 filenames. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a node with an mp3 filefield wi...