All the vulnerabilites related to ilya_ivanchenko - itweak_upload
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ilya_ivanchenko | itweak_upload | 6.x-1.0 | |
| ilya_ivanchenko | itweak_upload | 6.x-1.1 | |
| ilya_ivanchenko | itweak_upload | 6.x-1.x-dev | |
| ilya_ivanchenko | itweak_upload | 6.x-2.0 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.1 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.1 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.2 | |
| ilya_ivanchenko | itweak_upload | 6.x-2.x-dev | |
| drupal | drupal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3732E84D-B506-41F7-A42E-0D03048C5E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2567A4D5-174D-4DCE-B6E7-6461FC3DC85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "A0F88CCA-31C5-4B69-81DB-A978A1243962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7DE649DF-5DB5-4DB5-939F-A4F4652500C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F23A12B9-48E2-49DA-AD4A-8578C39FB37B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "09123526-A21B-421A-BF61-B5CD8A32B8B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4785846-1779-49C6-964B-AC14C5FBD2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "3B329355-4A27-4251-B73B-41BA77282847",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo iTweak Upload v6.x-1.x anteriores a v6.x-1.2 y v6.x-2.x anteriores a v6.x-2.3 para Drupal permite a usuarios remotos autenticados, con permisos para crear contenidos y subir ficheros, inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s del nombre de un fichero subido."
}
],
"id": "CVE-2010-0697",
"lastModified": "2024-11-21T01:12:46.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-23T20:30:00.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711072"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711074"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/717214"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62405"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38633"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/711074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/717214"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2010-0697
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/711074 | x_refsource_CONFIRM | |
| http://drupal.org/node/711072 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38292 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/62405 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/38633 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56351 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/717214 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/711074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/717214"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/711074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/717214"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/711074",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/711074"
},
{
"name": "http://drupal.org/node/711072",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/711072"
},
{
"name": "38292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38292"
},
{
"name": "62405",
"refsource": "OSVDB",
"url": "http://osvdb.org/62405"
},
{
"name": "38633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38633"
},
{
"name": "itweakupload-filenames-xss(56351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56351"
},
{
"name": "http://drupal.org/node/717214",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/717214"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0697",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-02-23T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}