PT-2010-3767 · Drupal · Storm
Published
2010-06-07
·
Updated
2010-06-08
·
CVE-2010-2158
CVSS v2.0
2.1
Low
| Vector | AV:N/AC:H/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Storm module for Drupal versions 5.x and 6.x before 6.x-1.33
Description
The issue allows remote authenticated users with certain module privileges to inject arbitrary web script or HTML. This can be achieved via the
fullname, phone, or im parameter in a stormperson action to "index.php".Recommendations
For Storm module versions 5.x and 6.x before 6.x-1.33, update to version 6.x-1.33 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Storm