Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2123

Опубликовано: 01 июн. 2010
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:speedtech:storm:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.10:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.11:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.12:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.13:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.14:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:5.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.25:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.26:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.27:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.28:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.29:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.30:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.31:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.32:*:*:*:*:*:*:*
cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00267
Низкий

2.1 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

github логотип

GHSA-j4r6-3gh8-mr87

github
около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.

EPSS

Процентиль: 50%
0.00267
Низкий

2.1 Low

CVSS2

Дефекты

CWE-79