Drupal Avatar Uploader Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Drupal Avatar Uploader module, specifically in version 7.x-1.0-beta8. This vulnerability allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter in avatar_uploader.pages.inc. Attackers can craft URLs with script payloads that, when accessed, execute arbitrary JavaScript in the context of the victim's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the avatar_uploader.pages.inc endpoint with a file parameter containing a script payload, such as a JavaScript alert. The injected script will be executed in the browser of the user accessing the crafted URL.
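As an added example (not part of this advisory or the module's code), the following detection rule scans access-log lines for requests to the module path whose `file` parameter carries script-like content after percent-decoding, including double-encoded payloads. The log lines are constructed, and the request path containing `avatar_uploader` is an assumption drawn from the include file name the advisory cites.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic). The module's URL path is an
# assumption: we key on "avatar_uploader" appearing in the request path.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2026:13:20:01 +0000] "GET /avatar_uploader/upload?file=photo.png HTTP/1.1" 200 512
203.0.113.9 - - [10/May/2026:13:21:14 +0000] "GET /avatar_uploader/upload?file=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 611
203.0.113.9 - - [10/May/2026:13:21:30 +0000] "GET /avatar_uploader/upload?file=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 630
198.51.100.2 - - [10/May/2026:13:22:02 +0000] "GET /user/1/edit?file=%3Cb%3Ehi HTTP/1.1" 200 900
"""

# Common log format: client IP, identity, user, [timestamp], "METHOD target PROTOCOL"
REQ_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')
# Markers of HTML/script injection once decoded: a tag opener, a javascript: URL, or an on*= handler.
MARKER_RE = re.compile(r'<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_params(log_text, path_marker="avatar_uploader", param="file"):
    """Return (ip, timestamp, decoded value) for requests to the module path whose
    `file` parameter contains script-like content. Requests to other paths are
    ignored on purpose so the rule stays scoped to this advisory."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if path_marker not in parts.path:
            continue
        # parse_qs performs one round of decoding; fully_decode handles the rest.
        for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            decoded = fully_decode(raw)
            if MARKER_RE.search(decoded):
                hits.append((m.group("ip"), m.group("ts"), decoded))
    return hits

if __name__ == "__main__":
    for ip, ts, value in suspicious_file_params(SAMPLE_LOG):
        print(f"{ts} {ip} file={value!r}")
```

Only the two requests to the module path with decoded tag content are reported; the benign filename and the request to an unrelated path are ignored.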

Added: May 10, 2026, 1:23 PM
Updated: May 10, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 7.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.