CVE-2010-2158

Name of the Vulnerable Software and Affected Versions Storm module for Drupal versions 5.x and 6.x before 6.x-1.33

Description The issue allows remote authenticated users with certain module privileges to inject arbitrary web script or HTML. This can be achieved via the fullname, phone, or im parameter in a stormperson action to "index.php".

Recommendations For Storm module versions 5.x and 6.x before 6.x-1.33, update to version 6.x-1.33 or later to resolve the issue.