CVE-2013-1971

Name of the Vulnerable Software and Affected Versions Drupal versions 6.x

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with specific permissions to inject arbitrary web script or HTML via the file name of an MP3 file in the MP3 Player module.

Recommendations For version 6.x, update the MP3 Player module to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the MP3 Player module for users with permissions that could be used to exploit this issue.