CVE-2010-3094

EUVD-2022-4784
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
6.0
drupaldrupal
6.0:beta1
drupaldrupal
6.0:beta2
drupaldrupal
6.0:beta3
drupaldrupal
6.0:beta4
drupaldrupal
6.0:dev
drupaldrupal
6.0:rc1
drupaldrupal
6.0:rc2
drupaldrupal
6.0:rc3
drupaldrupal
6.0:rc4
drupaldrupal
6.1
drupaldrupal
6.2
drupaldrupal
6.3
drupaldrupal
6.4
drupaldrupal
6.5
drupaldrupal
6.6
drupaldrupal
6.7
drupaldrupal
6.8
drupaldrupal
6.9
drupaldrupal
6.10
drupaldrupal
6.11
drupaldrupal
6.12
drupaldrupal
6.13
drupaldrupal
6.14
drupaldrupal
6.15
drupaldrupal
6.16
drupaldrupal
6.17
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
dapper
dne
hardy
dne
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://drupal.org/node/880476
http://marc.info/?l=oss-security&m=128418560705305&w=2
http://marc.info/?l=oss-security&m=128440896914512&w=2
http://www.debian.org/security/2010/dsa-2113
http://www.securityfocus.com/bid/42391
http://drupal.org/node/880476
http://marc.info/?l=oss-security&m=128418560705305&w=2
http://marc.info/?l=oss-security&m=128440896914512&w=2
http://www.debian.org/security/2010/dsa-2113
http://www.securityfocus.com/bid/42391