CVE-2010-3094

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

References

http://www.securityfocus.com/bid/42391

http://www.debian.org/security/2010/dsa-2113

http://marc.info/?l=oss-security&m=128440896914512&w=2

http://marc.info/?l=oss-security&m=128418560705305&w=2

http://drupal.org/node/880476

Details

Source: Mitre, NVD

Published: 2010-09-21

Updated: 2010-09-22

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium