CVE-2010-3094

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
drupaldrupal
6.0
drupaldrupal
6.0:beta1
drupaldrupal
6.0:beta2
drupaldrupal
6.0:beta3
drupaldrupal
6.0:beta4
drupaldrupal
6.0:dev
drupaldrupal
6.0:rc1
drupaldrupal
6.0:rc2
drupaldrupal
6.0:rc3
drupaldrupal
6.0:rc4
drupaldrupal
6.1
drupaldrupal
6.2
drupaldrupal
6.3
drupaldrupal
6.4
drupaldrupal
6.5
drupaldrupal
6.6
drupaldrupal
6.7
drupaldrupal
6.8
drupaldrupal
6.9
drupaldrupal
6.10
drupaldrupal
6.11
drupaldrupal
6.12
drupaldrupal
6.13
drupaldrupal
6.14
drupaldrupal
6.15
drupaldrupal
6.16
drupaldrupal
6.17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://drupal.org/node/880476
http://marc.info/?l=oss-security&m=128418560705305&w=2
http://marc.info/?l=oss-security&m=128440896914512&w=2
http://www.debian.org/security/2010/dsa-2113
http://www.securityfocus.com/bid/42391
http://drupal.org/node/880476
http://marc.info/?l=oss-security&m=128418560705305&w=2
http://marc.info/?l=oss-security&m=128440896914512&w=2
http://www.debian.org/security/2010/dsa-2113
http://www.securityfocus.com/bid/42391