Lucene search

[email protected]CVE-2010-1976

HistoryMay 19, 2010 - 8:00 p.m.

CVE-2010-1976

2010-05-1920:00:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-1976

xss

vulnerability

drupal

taxonomy breadcrumb

module

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display.

Affected configurations

NVD

Node

michael_nicholstaxonomy_breadcrumbMatch6.x-0.1beta

michael_nicholstaxonomy_breadcrumbMatch6.x-1.0

michael_nicholstaxonomy_breadcrumbMatch6.x-1.xdev

AND

drupaldrupal

CPENameOperatorVersion
michael_nichols:taxonomy_breadcrumbmichael nichols taxonomy breadcrumbeq6.x-0.1
michael_nichols:taxonomy_breadcrumbmichael nichols taxonomy breadcrumbeq6.x-1.0
michael_nichols:taxonomy_breadcrumbmichael nichols taxonomy breadcrumbeq6.x-1.x

CPE	Name	Operator	Version
michael_nichols:taxonomy_breadcrumb	michael nichols taxonomy breadcrumb	eq	6.x-0.1
michael_nichols:taxonomy_breadcrumb	michael nichols taxonomy breadcrumb	eq	6.x-1.0
michael_nichols:taxonomy_breadcrumb	michael nichols taxonomy breadcrumb	eq	6.x-1.x

References

drupal.org/node/757974

drupal.org/node/757980

drupal.org/node/758456

osvdb.org/63424

secunia.com/advisories/39138

exchange.xforce.ibmcloud.com/vulnerabilities/57446

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.5%

JSON

Related for CVE-2010-1976

cvelist1 nvd1 prion1