CVE-2010-0697

Name of the Vulnerable Software and Affected Versions iTween Upload module versions 6.x-1.x before 6.x-1.2 iTween Upload module versions 6.x-2.x before 6.x-2.3

Description A cross-site scripting (XSS) issue exists in the iTweak Upload module for Drupal, allowing remote authenticated users with create content and upload file permissions to inject arbitrary web script or HTML via the file name of an uploaded file.

Recommendations For iTweak Upload module versions 6.x-1.x before 6.x-1.2, update to version 6.x-1.2 or later. For iTweak Upload module versions 6.x-2.x before 6.x-2.3, update to version 6.x-2.3 or later.