CVE-2010-3094

NameCVE-2010-3094
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2113-1
NVD severitylow (attack range: remote)
Debian Bugs592716

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
drupal6source(unstable)6.18-1low592716
drupal6sourcelenny6.6-3lenny6lowDSA-2113-1

Search for package or bug name: Reporting problems