3 matches found
CVE-2010-2158
Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...
CVE-2010-2158
The CVE-2010-2158 entry describes XSS vulnerabilities in the Drupal Storm module (versions 5.x and 6.x prior to 6.x-1.33). The issue is triggered by user-supplied values in the stormperson action, specifically the parameters fullname, phone, or im, which can be exploited by remote authenticated u...
CVE-2010-2158
Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...