Fluid Attacks Database

Description

Drupal cross-site scripting vulnerability via actions feature and trigger module Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	drupal/drupal	>=6.0 <6.18	6.18

Aliases

1. CVE-2010-30942. NVD-2010-30943. OSV-2010-30944. GCVE-2010-3094

References

1. https://github.com/drupal/drupal/commit/4e8e0454b3bfc3b846cf4b7bcaca0e8f42f0c17a2. https://web.archive.org/web/20120915000000*/http://www.securityfocus.com/bid/423913. http://drupal.org/node/8804764. http://marc.info/?l=oss-security&m=128418560705305&w=25. http://marc.info/?l=oss-security&m=128440896914512&w=26. http://www.debian.org/security/2010/dsa-2113

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.