Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/59276 | Vendor Advisory |
https://drupal.org/node/1972804 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83649 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-06-25 11:55
Updated : 2017-08-28 18:33
NVD link : CVE-2013-1971
Mitre link : CVE-2013-1971
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
jordan_de_laune
- mp3_player
drupal
- drupal