1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
Candidate: CVE-2010-3094
PublicDate: 2010-09-21
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3094
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before
6.18 allow remote authenticated users with certain privileges to inject
arbitrary web script or HTML via (1) an action description, (2) an action
message, (3) a node, or (4) a taxonomy term, related to the actions feature
and the trigger module.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_drupal6:
debdiff: https://bugs.launchpad.net/ubuntu/karmic/+source/drupal5/+bug/539056
upstream_drupal6: released (6.18-1, 6.16-1)
dapper_drupal6: DNE
hardy_drupal6: DNE
jaunty_drupal6: ignored (reached end-of-life)
karmic_drupal6: ignored (reached end-of-life)
lucid_drupal6: not-affected (6.16-1)
maverick_drupal6: not-affected (6.18-1)
natty_drupal6: not-affected (6.18-1)
devel_drupal6: not-affected (6.18-1)
|