Vulnerabilities (CVE)

Filtered by vendor Nathan Haug Subscribe
Filtered by product Filefield Sources
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4502 2 Drupal, Nathan Haug 2 Drupal, Filefield Sources 2024-02-04 4.0 MEDIUM N/A
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file.
CVE-2012-5538 2 Drupal, Nathan Haug 2 Drupal, Filefield Sources 2024-02-04 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.