cve-2010-2158
Vulnerability from cvelistv5
Published
2010-06-07 14:00
Modified
2024-09-16 19:31
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://drupal.org/node/803770 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/39732 | Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:06.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-07T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/803770",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/803770"
},
{
"name": "39732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2158",
"datePublished": "2010-06-07T14:00:00Z",
"dateReserved": "2010-06-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:31:46.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-2158\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-06-07T17:12:48.340\",\"lastModified\":\"2010-06-08T04:00:00.000\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.\"},{\"lang\":\"es\",\"value\":\"Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Storm v5.x y v6.x anterior a v6.x-1.33 para Drupal permite a usuarios autenticados remotamente, con ciertos privilegios del m\u00f3dulo, inyectar c\u00f3digo web o HTML a trav\u00e9s de los par\u00e1metros (1) fullname, (2) phone, o (3) im en una acci\u00f3n \\\"stormperson\\\" en index.php. NOTA: el origen de esta informaci\u00f3n es desconocido. Los detalles han sido obtenidos a partir de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":2.1},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"718B4A5C-F2A9-42DC-80D4-DE35DE71BDD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA7F66DF-755B-457F-9086-28A676F3BCCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76EE866-8CAE-484A-B5EC-7C0D6B9AC8BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FD9336-F070-4D59-8DF2-17D6A70170EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31848202-5DCB-41AC-A2EA-8E30FC516D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99211688-2C2C-4C99-97FB-4D3D04B2116D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B46AB4CD-A59C-49DE-8FFE-5D2E8BEB6339\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B013C8A8-5DF0-4A60-B68A-2D4BF152247C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DCB50B2-2BC2-467C-AFE3-7CEBD0B1F49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F907A10-5426-4FF6-B6A2-1BFC7C83C876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"664E489B-0809-4A04-9878-A61C5B6077B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE28A75-4746-42D4-B68C-85E16FA45F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2735DC9-317B-47C4-9A1F-BF63CB42888F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7C1F2ED-21D4-4B58-893A-938955B017EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:5.x-1.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A4CC6D5-0B84-4485-8287-544297D6C51D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43E635EA-61AC-40A4-8288-73E3E5FCE13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11A4BD8A-BFFE-44A2-AA57-CC81360899B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24D5FF1D-D6EE-4F15-B8E8-B41031D88477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"733ED38A-A409-4E4E-BE2F-9B7B2C6C4FFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54BBE17E-4AF9-4290-AC58-CCB9AE3A06AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF3B42E5-EB25-4117-B36F-59DE9C78D549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8954D9-44A9-4E71-822D-0A691E93EE3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66662533-AC69-4D65-933D-58168C7B75B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"716B8287-EF97-4738-9D4A-DB6C95212A9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D011B0-9806-4195-93FE-303ACB24D234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2080F0BE-E4A8-445B-831C-D18489E95E48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57166D33-B6B0-47DE-9603-436F083F0393\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B53D24-33A2-4630-8A7B-3DEB0A91B975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D8E59A5-5CE4-4922-8368-E6FD0FBF87D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8D13A0F-E7A2-447A-AC78-A226C190BDFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0914D667-3C7F-48CB-BF14-04109450B69F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C250B6F-304B-4BA6-B2C5-897A76E33762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D53C8B02-0D37-4BFF-87FD-618A88785309\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1F5F72-265B-42C0-B665-0C219C594701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D851C9E-FA2D-48B8-AB77-3E49B312348E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19044A29-2043-4D6E-BA6E-C055994A746D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D324D19-629A-4512-9714-2EBE85FFBFA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4286A4F-BFBA-44F4-88E9-3976C0AE7928\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E68EDCB-AD88-4C88-B058-001BEB684131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7AC535E-0ACB-4F0C-871E-8184991F6C53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3230D853-6AB9-4C10-929D-89DA826A26B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"640596F7-8AB3-4F81-83B3-E42E297708C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91CF5833-C397-472F-BFB2-D306C057E550\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35BCDA12-AA33-4BB4-AAA4-ED893669EAC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AD87EF1-7E01-43FE-A1A0-C4A60F2CE77A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A424B64-2FD8-4C42-B446-81B9C1FE18EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA7D1D7-644D-4EEC-8783-0AC3A0C1118E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469D3270-AE50-4098-89C7-DDF21A5372A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*\",\"matchCriteriaId\":\"6939DD1F-D81F-4589-A07B-967FBFACB7BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799CA80B-F3FA-4183-A791-2071A7DA1E54\"}]}]}],\"references\":[{\"url\":\"http://drupal.org/node/803770\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.