Unrated severity · NVD Advisory · Published Dec 3, 2012 · Updated Jun 16, 2026

CVE-2012-5538

Description

Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.

Affected products

13
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:6.x-1.x:dev:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.2:beta1:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:nathan_haug:filefield_sources:7.x-1.x:dev:*:*:*:*:*:*
  • Range: <6.x-1.6, <7.x-1.6
