All the vulnerabilites related to speedtech - storm
Vulnerability from fkie_nvd
Published
2009-12-31 19:30
Modified
2024-11-21 01:09
Severity ?
Summary
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| speedtech | storm | 6.x-1.0 | |
| speedtech | storm | 6.x-1.1 | |
| speedtech | storm | 6.x-1.2 | |
| speedtech | storm | 6.x-1.3 | |
| speedtech | storm | 6.x-1.4 | |
| speedtech | storm | 6.x-1.5 | |
| speedtech | storm | 6.x-1.6 | |
| speedtech | storm | 6.x-1.7 | |
| speedtech | storm | 6.x-1.8 | |
| speedtech | storm | 6.x-1.9 | |
| speedtech | storm | 6.x-1.10 | |
| speedtech | storm | 6.x-1.11 | |
| speedtech | storm | 6.x-1.12 | |
| speedtech | storm | 6.x-1.13 | |
| speedtech | storm | 6.x-1.14 | |
| speedtech | storm | 6.x-1.15 | |
| speedtech | storm | 6.x-1.16 | |
| speedtech | storm | 6.x-1.17 | |
| speedtech | storm | 6.x-1.18 | |
| speedtech | storm | 6.x-1.19 | |
| speedtech | storm | 6.x-1.20 | |
| speedtech | storm | 6.x-1.21 | |
| speedtech | storm | 6.x-1.22 | |
| speedtech | storm | 6.x-1.23 | |
| speedtech | storm | 6.x-1.24 | |
| speedtech | storm | 6.x-1.x | |
| drupal | drupal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43E635EA-61AC-40A4-8288-73E3E5FCE13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11A4BD8A-BFFE-44A2-AA57-CC81360899B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D5FF1D-D6EE-4F15-B8E8-B41031D88477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "733ED38A-A409-4E4E-BE2F-9B7B2C6C4FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54BBE17E-4AF9-4290-AC58-CCB9AE3A06AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3B42E5-EB25-4117-B36F-59DE9C78D549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8954D9-44A9-4E71-822D-0A691E93EE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "66662533-AC69-4D65-933D-58168C7B75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "716B8287-EF97-4738-9D4A-DB6C95212A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86D011B0-9806-4195-93FE-303ACB24D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2080F0BE-E4A8-445B-831C-D18489E95E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57166D33-B6B0-47DE-9603-436F083F0393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B53D24-33A2-4630-8A7B-3DEB0A91B975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E59A5-5CE4-4922-8368-E6FD0FBF87D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D13A0F-E7A2-447A-AC78-A226C190BDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0914D667-3C7F-48CB-BF14-04109450B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9C250B6F-304B-4BA6-B2C5-897A76E33762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D53C8B02-0D37-4BFF-87FD-618A88785309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1F5F72-265B-42C0-B665-0C219C594701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0D851C9E-FA2D-48B8-AB77-3E49B312348E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "19044A29-2043-4D6E-BA6E-C055994A746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D324D19-629A-4512-9714-2EBE85FFBFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F4286A4F-BFBA-44F4-88E9-3976C0AE7928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0E68EDCB-AD88-4C88-B058-001BEB684131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC535E-0ACB-4F0C-871E-8184991F6C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "6939DD1F-D81F-4589-A07B-967FBFACB7BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo Storm v6.x anterior a v6.x-1.25 para Drupal, no refuerza los requisitos de privilegios para los nodos storminvoiceitem; esto permite a atacantes remotos leer los t\u00edtulos de los nodos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-4515",
"lastModified": "2024-11-21T01:09:48.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-31T19:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/617480"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/617494"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37202"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36879"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/617480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/617494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3090"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-07 17:12
Modified
2024-11-21 01:16
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://drupal.org/node/803770 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39732 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/803770 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/39732 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "718B4A5C-F2A9-42DC-80D4-DE35DE71BDD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7F66DF-755B-457F-9086-28A676F3BCCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B76EE866-8CAE-484A-B5EC-7C0D6B9AC8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FD9336-F070-4D59-8DF2-17D6A70170EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31848202-5DCB-41AC-A2EA-8E30FC516D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99211688-2C2C-4C99-97FB-4D3D04B2116D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B46AB4CD-A59C-49DE-8FFE-5D2E8BEB6339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B013C8A8-5DF0-4A60-B68A-2D4BF152247C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCB50B2-2BC2-467C-AFE3-7CEBD0B1F49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F907A10-5426-4FF6-B6A2-1BFC7C83C876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "664E489B-0809-4A04-9878-A61C5B6077B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE28A75-4746-42D4-B68C-85E16FA45F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C2735DC9-317B-47C4-9A1F-BF63CB42888F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C1F2ED-21D4-4B58-893A-938955B017EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "1A4CC6D5-0B84-4485-8287-544297D6C51D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43E635EA-61AC-40A4-8288-73E3E5FCE13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11A4BD8A-BFFE-44A2-AA57-CC81360899B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D5FF1D-D6EE-4F15-B8E8-B41031D88477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "733ED38A-A409-4E4E-BE2F-9B7B2C6C4FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54BBE17E-4AF9-4290-AC58-CCB9AE3A06AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3B42E5-EB25-4117-B36F-59DE9C78D549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8954D9-44A9-4E71-822D-0A691E93EE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "66662533-AC69-4D65-933D-58168C7B75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "716B8287-EF97-4738-9D4A-DB6C95212A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86D011B0-9806-4195-93FE-303ACB24D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2080F0BE-E4A8-445B-831C-D18489E95E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57166D33-B6B0-47DE-9603-436F083F0393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B53D24-33A2-4630-8A7B-3DEB0A91B975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E59A5-5CE4-4922-8368-E6FD0FBF87D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D13A0F-E7A2-447A-AC78-A226C190BDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0914D667-3C7F-48CB-BF14-04109450B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9C250B6F-304B-4BA6-B2C5-897A76E33762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D53C8B02-0D37-4BFF-87FD-618A88785309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1F5F72-265B-42C0-B665-0C219C594701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0D851C9E-FA2D-48B8-AB77-3E49B312348E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "19044A29-2043-4D6E-BA6E-C055994A746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D324D19-629A-4512-9714-2EBE85FFBFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F4286A4F-BFBA-44F4-88E9-3976C0AE7928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0E68EDCB-AD88-4C88-B058-001BEB684131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC535E-0ACB-4F0C-871E-8184991F6C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D853-6AB9-4C10-929D-89DA826A26B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "640596F7-8AB3-4F81-83B3-E42E297708C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "91CF5833-C397-472F-BFB2-D306C057E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "35BCDA12-AA33-4BB4-AAA4-ED893669EAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD87EF1-7E01-43FE-A1A0-C4A60F2CE77A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "7A424B64-2FD8-4C42-B446-81B9C1FE18EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA7D1D7-644D-4EEC-8783-0AC3A0C1118E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "469D3270-AE50-4098-89C7-DDF21A5372A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "6939DD1F-D81F-4589-A07B-967FBFACB7BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Storm v5.x y v6.x anterior a v6.x-1.33 para Drupal permite a usuarios autenticados remotamente, con ciertos privilegios del m\u00f3dulo, inyectar c\u00f3digo web o HTML a trav\u00e9s de los par\u00e1metros (1) fullname, (2) phone, o (3) im en una acci\u00f3n \"stormperson\" en index.php. NOTA: el origen de esta informaci\u00f3n es desconocido. Los detalles han sido obtenidos a partir de terceros."
}
],
"id": "CVE-2010-2158",
"lastModified": "2024-11-21T01:16:02.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-07T17:12:48.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/803770"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/803770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39732"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-01 21:30
Modified
2024-11-21 01:15
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "718B4A5C-F2A9-42DC-80D4-DE35DE71BDD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7F66DF-755B-457F-9086-28A676F3BCCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B76EE866-8CAE-484A-B5EC-7C0D6B9AC8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FD9336-F070-4D59-8DF2-17D6A70170EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31848202-5DCB-41AC-A2EA-8E30FC516D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "99211688-2C2C-4C99-97FB-4D3D04B2116D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B46AB4CD-A59C-49DE-8FFE-5D2E8BEB6339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B013C8A8-5DF0-4A60-B68A-2D4BF152247C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCB50B2-2BC2-467C-AFE3-7CEBD0B1F49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F907A10-5426-4FF6-B6A2-1BFC7C83C876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "664E489B-0809-4A04-9878-A61C5B6077B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE28A75-4746-42D4-B68C-85E16FA45F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C2735DC9-317B-47C4-9A1F-BF63CB42888F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D7C1F2ED-21D4-4B58-893A-938955B017EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "1A4CC6D5-0B84-4485-8287-544297D6C51D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43E635EA-61AC-40A4-8288-73E3E5FCE13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11A4BD8A-BFFE-44A2-AA57-CC81360899B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24D5FF1D-D6EE-4F15-B8E8-B41031D88477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "733ED38A-A409-4E4E-BE2F-9B7B2C6C4FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54BBE17E-4AF9-4290-AC58-CCB9AE3A06AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CF3B42E5-EB25-4117-B36F-59DE9C78D549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8954D9-44A9-4E71-822D-0A691E93EE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "66662533-AC69-4D65-933D-58168C7B75B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "716B8287-EF97-4738-9D4A-DB6C95212A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "86D011B0-9806-4195-93FE-303ACB24D234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2080F0BE-E4A8-445B-831C-D18489E95E48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57166D33-B6B0-47DE-9603-436F083F0393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B53D24-33A2-4630-8A7B-3DEB0A91B975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9D8E59A5-5CE4-4922-8368-E6FD0FBF87D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D13A0F-E7A2-447A-AC78-A226C190BDFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0914D667-3C7F-48CB-BF14-04109450B69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9C250B6F-304B-4BA6-B2C5-897A76E33762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "D53C8B02-0D37-4BFF-87FD-618A88785309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1F5F72-265B-42C0-B665-0C219C594701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0D851C9E-FA2D-48B8-AB77-3E49B312348E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "19044A29-2043-4D6E-BA6E-C055994A746D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3D324D19-629A-4512-9714-2EBE85FFBFA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F4286A4F-BFBA-44F4-88E9-3976C0AE7928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0E68EDCB-AD88-4C88-B058-001BEB684131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC535E-0ACB-4F0C-871E-8184991F6C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3230D853-6AB9-4C10-929D-89DA826A26B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "640596F7-8AB3-4F81-83B3-E42E297708C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "91CF5833-C397-472F-BFB2-D306C057E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "35BCDA12-AA33-4BB4-AAA4-ED893669EAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD87EF1-7E01-43FE-A1A0-C4A60F2CE77A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "7A424B64-2FD8-4C42-B446-81B9C1FE18EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "5AA7D1D7-644D-4EEC-8783-0AC3A0C1118E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "469D3270-AE50-4098-89C7-DDF21A5372A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "6939DD1F-D81F-4589-A07B-967FBFACB7BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Storm v5.x y v6.x anterior a v6.x-1.33para Drupal permite a usuarios autenticados remotamente, con ciertos privilegios del m\u00f3dulo, inyectar c\u00f3digo web o HTML a trav\u00e9s de los par\u00e1metros (1) fullname, (2) address, (3) city, (4) provstate (tambi\u00e9n conocido como state), (5) phone, o (6) taxid en una acci\u00f3n \"stormorganization\" en index.php; el par\u00e1metro (7) name en una acci\u00f3n \"stormperson\" en index.php; los par\u00e1metros (8) stepno (tambi\u00e9n conocido como Step no.) o (9) title en una acci\u00f3n \"stormtask\" en index.php; el par\u00e1metro (10) title (tambi\u00e9n conocido como Project) en una cci\u00f3n \"stormticket\" en index.php; o (11) par\u00e1metros sin especificar en una acci\u00f3n \"stormproject\" en index.php. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros"
}
],
"id": "CVE-2010-2123",
"lastModified": "2024-11-21T01:15:57.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-01T21:30:01.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/803770"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39732"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/64616"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/40288"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/803770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/64616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/40288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2010-2158
Vulnerability from cvelistv5
Published
2010-06-07 14:00
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/803770 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/39732 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-07T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/803770",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2158",
"datePublished": "2010-06-07T14:00:00Z",
"dateReserved": "2010-06-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:31:46.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4515
Vulnerability from cvelistv5
Published
2009-12-31 19:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/37202 | third-party-advisory, x_refsource_SECUNIA | |
| http://drupal.org/node/617480 | x_refsource_CONFIRM | |
| http://drupal.org/node/617494 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/3090 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/36879 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:36.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/617480"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/617494"
},
{
"name": "ADV-2009-3090",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3090"
},
{
"name": "36879",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36879"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-12-31T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37202",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/617480"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/617494"
},
{
"name": "ADV-2009-3090",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3090"
},
{
"name": "36879",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36879"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37202"
},
{
"name": "http://drupal.org/node/617480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/617480"
},
{
"name": "http://drupal.org/node/617494",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/617494"
},
{
"name": "ADV-2009-3090",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3090"
},
{
"name": "36879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36879"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4515",
"datePublished": "2009-12-31T19:00:00Z",
"dateReserved": "2009-12-31T00:00:00Z",
"dateUpdated": "2024-09-17T03:22:46.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2123
Vulnerability from cvelistv5
Published
2010-06-01 21:00
Modified
2024-08-07 02:25
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/803770 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/39732 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/58717 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/40288 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/64616 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39732"
},
{
"name": "20100512 Drupal storm 1.32",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
},
{
"name": "drupal-storm-unspecified-xss(58717)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
},
{
"name": "40288",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40288"
},
{
"name": "64616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/64616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39732"
},
{
"name": "20100512 Drupal storm 1.32",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
},
{
"name": "drupal-storm-unspecified-xss(58717)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
},
{
"name": "40288",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40288"
},
{
"name": "64616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/64616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/803770",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39732"
},
{
"name": "20100512 Drupal storm 1.32",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"
},
{
"name": "drupal-storm-unspecified-xss(58717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"
},
{
"name": "40288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40288"
},
{
"name": "64616",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/64616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2123",
"datePublished": "2010-06-01T21:00:00",
"dateReserved": "2010-06-01T00:00:00",
"dateUpdated": "2024-08-07T02:25:06.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}