Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Drupal Storm 1.32 Cross Site Scripting

🗓️ 14 May 2010 00:00:00Reported by Black PacketeerType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Drupal Storm module vulnerabilities version 1.32 - Cross Site Scriptin

Code
`Drupal Storm module is a CRM type module that allows you to make orgs,  
people, tasks, and project. It is used on thousands of sites according to  
http://drupal.org/project/usage/storm. Storm version 1.32 have a lots of  
cross site scripting vulns.  
  
Sploits -  
* Make or view a Storm organization at ?q=node/add/stormorganization  
* <script>alert('sploit');</script> for the Fullname, address, city, state,  
phone, and taxid values  
* Save and watch scripts  
  
* Make new person, ?q=node/add/stormperson  
* <script>alert('sploit');</script> for the Name, enter and save it  
* Make new project at ?q=node/add/stormproject, use anything and save  
* Make new task at ?q=node/add/stormtask using this:  
* <script>alert('sploit');</script> for Step no. and Title  
* Go at ?q=node/add/stormticket  
* Change twice the 'Project:' drop-down to see js alerts  
  
* Make new ticket at ?q=node/add/stormticket  
* Go to Timetracking screen at ?q=node/add/stormtimetracking  
* Change the 'Project:' drop-down to view alerts  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 May 2010 00:00Current
7.4High risk
Vulners AI Score7.4
drupal stormmodulevulnerabilitiesversion 1.32cross site scriptingcrmorganizationspeopletasksprojectssploitsorganizationpersonprojecttasktickettimetracking.
30