CVE-2010-1958

Name of the Vulnerable Software and Affected Versions FileField module versions 5.x before 5.x-2.5 FileField module versions 6.x before 6.x-3.4

Description A cross-site scripting (XSS) issue allows remote authenticated users with create or edit permissions and 'Path to File' or 'URL to File' display enabled to inject arbitrary web script or HTML via the filepath parameter in the file name.

Recommendations For FileField module versions 5.x before 5.x-2.5, update to version 5.x-2.5 or later. For FileField module versions 6.x before 6.x-3.4, update to version 6.x-3.4 or later.