CVE-2010-3094

Drupal 6.0-6.17 - Authenticated Cross-Site Scripting via Action Description or Message

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

References (5)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2113
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128440896914512&w=2
Patch, Vendor Advisory x_refsource_confirm
http://drupal.org/node/880476
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128418560705305&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/42391

Scores

EPSS 0.0024
EPSS Percentile 47.4%

Details

CWE
CWE-79
Status published
Products (19)
drupal/drupal 6.0 (10 CPE variants)
drupal/drupal 6.1
drupal/drupal 6.2
drupal/drupal 6.3
drupal/drupal 6.4
drupal/drupal 6.5
drupal/drupal 6.6
drupal/drupal 6.7
drupal/drupal 6.8
drupal/drupal 6.9
... and 9 more
Published Sep 21, 2010
Tracked Since Feb 18, 2026