CVE-2010-3094 – drupal/drupal

Package

Manager: composer
Name: drupal/drupal
Vulnerable Version: >=6.0 <6.18

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

EPSS: 0.00208 pctl0.43223

Details

Drupal cross-site scripting vulnerability via actions feature and trigger module Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

Metadata

Created: 2022-05-17T05:48:23Z
Modified: 2024-02-08T15:36:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pjmx-4gc6-hwv8/GHSA-pjmx-4gc6-hwv8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pjmx-4gc6-hwv8
Finding: F425
Auto approve: 1