EUVD-2010-0724

Malware in sbrugna...

CVE-2010-0697

Cross-site scripting XSS vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file...

Cross site scripting

Cross-site scripting XSS vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file...

CVE-2010-0697

Cross-site scripting XSS vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file...

CVE-2010-0697

The CVE-2010-0697 entry affects Drupal’s iTweak Upload module (6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3). The root cause is an XSS vulnerability where remote authenticated users with create content and upload file permissions can inject arbitrary web script or HTML via the file name of a...

SA-CONTRIB-2010-017 - iTweak Upload - Cross Site Scripting

iTweak Upload does not escape file names when displaying uploaded files. This allows a malicious user with the permission to create content and upload files to perform a Cross Site Scripting XSS attack. Versions affected iTweak Upload 6.x-2.x prior to 6.x-2.3 iTweak Upload 6.x-1.x prior to 6.x-1....