Published: 21/09/2010 Updated: 22/09/2010

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x prior to 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 6.0
drupal drupal 6.9
drupal drupal 6.10
drupal drupal 6.11
drupal drupal 6.12
drupal drupal 6.13
drupal drupal 6.1
drupal drupal 6.2
drupal drupal 6.3
drupal drupal 6.4
drupal drupal 6.6
drupal drupal 6.8
drupal drupal 6.15
drupal drupal 6.17
drupal drupal 6.5
drupal drupal 6.7
drupal drupal 6.14
drupal drupal 6.16

Several vulnerabilities have been discovered in Drupal 6 a fully-featured content management framework The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to user accounts CVE-2010-3092 The upload module includes a ...

CWE-79 http://drupal.org/node/880476 http://marc.info/?l=oss-security&m=128418560705305&w=2 http://www.securityfocus.com/bid/42391 http://marc.info/?l=oss-security&m=128440896914512&w=2 http://www.debian.org/security/2010/dsa-2113 https://nvd.nist.gov https://www.debian.org/security/./dsa-2113

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-3094

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect