Unrated severity · NVD Advisory · Published Dec 3, 2012 · Updated Jun 16, 2026
CVE-2012-5538
Description
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
Affected products
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.x:dev:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.2:beta1:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.x:dev:*:*:*:*:*:*
- Range: <6.x-1.6, <7.x-1.6
References
- drupal.org/node/1789300 (NVD: Patch)
- drupal.org/node/1789302 (NVD: Patch)
- drupal.org/node/1789306 (NVD: Patch, Vendor Advisory)
- www.openwall.com/lists/oss-security/2012/11/20/4 (NVD)