Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-3094 | First vendor Publication | 2010-09-21 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:S/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3094 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12349 | |||
| Oval ID: | oval:org.mitre.oval:def:12349 | ||
| Title: | DSA-2113-1 drupal6 -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in drupal6 a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to user accounts. CVE-2010-3092 The upload module includes a potential bypass of access restrictions due to not checking letter case-sensitivity. CVE-2010-3093 The comment module has a privilege escalation issue that allows certain users to bypass limitations. CVE-2010-3094 Several cross-site scripting issues have been discovered in the Action feature. For the stable distribution, these problems have been fixed in version 6.6-3lenny6. For the testing distribution and the unstable distribution, these problems have been fixed in version 6.18-1. We recommend that you upgrade your drupal6 packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2113-1 CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | drupal6 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-10-10 | Name : Debian Security Advisory DSA 2113-1 (drupal6) File : nvt/deb_2113_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 67070 | Drupal Actions Feature Nodes and Taxonomy XSS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2113.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:07:31 |
|
| 2024-11-28 12:22:41 |
|
| 2021-05-04 12:12:00 |
|
| 2021-04-22 01:12:34 |
|
| 2020-05-23 00:26:19 |
|
| 2014-02-17 10:56:59 |
|
| 2013-05-10 23:31:01 |
|
