EUVD-2012-5430

Malware in sbrugna...

CVE-2012-5538

Cross-site scripting XSS vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...

FileField Sources - Moderately critical - Access Bypass - SA-CONTRIB-2018-007

This module enables you to upload files to fields via several sources. The module doesn't sufficiently handle access control under the scenario of the autocomplete path of reference sources...

CVE-2013-4502

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...

Design/Logic Flaw

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...

CVE-2013-4502

The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file...

CVE-2013-4502

The CVE-2013-4502 entry concerns the Drupal contributed module FileField Sources. Affected versions are FileField Sources 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9. The root cause is improper file permission checks when attaching files, enabling remote authenticated users to read arbitrar...

SA-CONTRIB-2013-084 - FileField Sources - Access Bypass

This module expands on the FileField module by allowing you to select new or existing files through additional means, such as re-using files with an auto-complete textfield, attaching server-side files uploaded via FTP, transferring file files from a remote server, pasting a file directly from th...

CVE-2012-5538

Cross-site scripting XSS vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...

Cross site scripting

Cross-site scripting XSS vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...

CVE-2012-5538

The CVE-2012-5538 issue is a cross-site scripting (XSS) vulnerability in the Drupal FileField Sources module (versions 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.6). When the field uses the “Reference existing” source, remote authenticated users can inject arbitrary web script or HTML vi...

CVE-2012-5538

Cross-site scripting XSS vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded fil...

SA-CONTRIB-2012-147 - FileField Sources - Cross Site Scripting (XSS)

The Drupal FileField module lets you upload files from your computer through a CCK field. The FileField Sources module expands on this ability by allowing you to select new or existing files through additional means. The FileField Sources module contains a persistent cross site scripting XSS...

SA-CONTRIB-2010-081 - FileField Sources - Arbitrary Code Execution

The FileField Sources module expands on the abilities of FileField, allowing users to select new or existing files through additional means, including: Reuse of existing files through an autocomplete textfield or IMCE, or transfering files directly from remote servers. The module does not sanitiz...