Search criteria
3 vulnerabilities found for itweak_upload by ilya_ivanchenko
FKIE_CVE-2010-0697
Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ilya_ivanchenko | itweak_upload | 6.x-1.0 | |
| ilya_ivanchenko | itweak_upload | 6.x-1.1 | |
| ilya_ivanchenko | itweak_upload | 6.x-1.x-dev | |
| ilya_ivanchenko | itweak_upload | 6.x-2.0 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.1 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.1 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.2 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.x-dev | |
| drupal | drupal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3732E84D-B506-41F7-A42E-0D03048C5E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2567A4D5-174D-4DCE-B6E7-6461FC3DC85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F88CCA-31C5-4B69-81DB-A978A1243962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7DE649DF-5DB5-4DB5-939F-A4F4652500C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A12B9-48E2-49DA-AD4A-8578C39FB37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09123526-A21B-421A-BF61-B5CD8A32B8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4785846-1779-49C6-964B-AC14C5FBD2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "3B329355-4A27-4251-B73B-41BA77282847",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo iTweak Upload v6.x-1.x anteriores a v6.x-1.2 y v6.x-2.x anteriores a v6.x-2.3 para Drupal permite a usuarios remotos autenticados, con permisos para crear contenidos y subir ficheros, inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s del nombre de un fichero subido."
}
],
"id": "CVE-2010-0697",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-23T20:30:00.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711072"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711074"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/717214"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62405"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38633"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/717214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-0697 (GCVE-0-2010-0697)
Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/711074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/717214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/711074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/717214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/711074",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/711074"
},
{
"name": "http://drupal.org/node/711072",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"refsource": "OSVDB",
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"name": "http://drupal.org/node/717214",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/717214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0697",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-02-23T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0697 (GCVE-0-2010-0697)
Vulnerability from nvd – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/711074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/717214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/711074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/717214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/711074",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/711074"
},
{
"name": "http://drupal.org/node/711072",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"refsource": "OSVDB",
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"name": "http://drupal.org/node/717214",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/717214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0697",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-02-23T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}