CVE-2010-2002

Addison Berry Wordfilter - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.

References (5)

[Patch] http://drupal.org/node/796618

[Patch] http://drupal.org/node/796620

[Patch, Vendor Advisory] http://drupal.org/node/797208

[Vendor Advisory] http://secunia.com/advisories/39811

[Patch] http://www.securityfocus.com/bid/40119

Scores

EPSS 0.0028

EPSS Percentile 51.2%

Classification

CWE

CWE-79

Status published

Affected Products (5)

addison_berry/wordfilter

jeff_warrington/wordfilter

jeff_warrington/wordfilter

jeff_warrington/wordfilter

n/a/n/a

Timeline

Published May 20, 2010

Tracked Since Feb 18, 2026