PT-2012-6009 · Drupal · Filefield Sources

Forest Monsen · Published 2012-12-03 · Updated 2012-12-04 · CVE-2012-5538

CVSS v2.0: 2.1 (Low)
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
Drupal FileField Sources module versions 6.x-1.x before 6.x-1.6
Drupal FileField Sources module versions 7.x-1.x before 7.x-1.6

Description
A cross-site scripting (XSS) issue exists in the FileField Sources module for Drupal. It occurs when the field has the "Reference existing" source enabled, allowing remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.

Recommendations
For Drupal FileField Sources module version 6.x-1.x, update to version 6.x-1.6 or later.
For Drupal FileField Sources module version 7.x-1.x, update to version 7.x-1.6 or later.

Fix

XSS


Related Identifiers

CVE-2012-5538

Affected Products

Filefield Sources