Unrated severityNVD Advisory· Published Jun 21, 2010· Updated Apr 29, 2026
CVE-2010-1958
CVE-2010-1958
Description
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).
Affected products
33cpe:2.3:a:quicksketch:filefield:5.x-1.x-dev:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:quicksketch:filefield:5.x-1.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.3:rc4:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:5.x-2.x-dev:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-1.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:alpha7:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.1:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.2:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.3:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.5:*:*:*:*:*:*:*
- cpe:2.3:a:quicksketch:filefield:6.x-3.x-dev:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- drupal.org/node/829808nvdPatch
- www.securityfocus.com/bid/40923nvdPatch
- secunia.com/advisories/40186nvdVendor Advisory
- osvdb.org/65611nvd
- www.madirish.netnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/59500nvd
News mentions
0No linked articles in our index yet.