Back to search
CVE-2010-0697
Published: Feb 23, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://drupal.org/node/711074
x_refsource_CONFIRM
http://drupal.org/node/711072
x_refsource_CONFIRM
38292
vdb-entry
x_refsource_BID
62405
vdb-entry
x_refsource_OSVDB
38633
third-party-advisory
x_refsource_SECUNIA
itweakupload-filenames-xss(56351)
vdb-entry
x_refsource_XF
http://drupal.org/node/717214
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now