VYPR

FileField Sources

by Drupal

CVEs (2)

  • CVE-2013-4502May 13, 2014
    risk 0.00cvss epss 0.01

    The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.

  • CVE-2012-5538Dec 3, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the…