CVE-2010-1584

medium

Description

Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/58521

http://www.theregister.co.uk/2010/05/10/drupal_security_bug/

http://www.securityfocus.com/bid/40056

http://www.madirish.net/?article=457

http://drupal.org/node/795118

http://drupal.org/node/794718

http://drupal.org/cvs?commit=365210

http://crackingdrupal.com/blog/greggles/mitigation-against-cve-2010-1584-drupal-context-module-xss

Details

Source: Mitre, NVD

Published: 2010-05-19

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00516

Detections

Analytics