CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

EUVD-2026-33549

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2026-48191

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

PT-2026-45263

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVE-2009-4515

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors...

EUVD-2009-4481

Malware in sbrugna...

EUVD-2010-2174

Malware in sbrugna...

EUVD-2010-2139

Malware in sbrugna...

CVE-2010-2158

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...

CVE-2010-2158

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...

CVE-2010-2158

The CVE-2010-2158 entry describes XSS vulnerabilities in the Drupal Storm module (versions 5.x and 6.x prior to 6.x-1.33). The issue is triggered by user-supplied values in the stormperson action, specifically the parameters fullname, phone, or im, which can be exploited by remote authenticated u...

CVE-2010-2158

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...

CVE-2010-2123

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 address, 3 city, 4 provstate aka state, 5 phone, or 6 taxid...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 address, 3 city, 4 provstate aka state, 5 phone, or 6 taxid...

CVE-2010-2123

Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 address, 3 city, 4 provstate aka state, 5 phone, or 6 taxid...

CVE-2010-2123

The CVE-2010-2123 entry describes multiple XSS vulnerabilities in Drupal’s Storm module (5.x and 6.x) prior to 6.x-1.33. The root cause is improper handling of user-supplied input in stormorganization, stormperson, stormtask, stormticket, and stormproject actions (via parameters such as fullname,...

Code injection

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors...

CVE-2009-4515

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors...