MidnightBSD

Advisories for ilya_ivanchenko

CVE-2010-0697 LOW

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ilya_ivanchenko itweak_upload 6.x-2.x-dev
ilya_ivanchenko itweak_upload 6.x-1.1
ilya_ivanchenko itweak_upload 6.x-2.2
ilya_ivanchenko itweak_upload 6.x-1.0
ilya_ivanchenko itweak_upload 6.x-1.x-dev
ilya_ivanchenko itweak_upload 6.x-2.0
ilya_ivanchenko itweak_upload 6.x-2.1