Описание
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 5.5-1ubuntu1 |
| edgy | DNE | |
| feisty | DNE | |
| gutsy | released | 5.2-2ubuntu2.1 |
| upstream | released | 5.3 |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
Связанные уязвимости
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
4.3 Medium
CVSS2