CVE-2010-3094
Published: 21 September 2010
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
Priority
Status
Package | Release | Status |
---|---|---|
drupal6 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Not vulnerable
(6.16-1)
|
|
maverick |
Not vulnerable
(6.18-1)
|
|
natty |
Not vulnerable
(6.18-1)
|
|
upstream |
Released
(6.18-1, 6.16-1)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/karmic/+source/drupal5/+bug/539056 |