CVE-2025-10217

A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while...

CVE-2025-10217

A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while...

PT-2025-39981

Name of the Vulnerable Software and Affected Versions Asset Suite affected versions not specified Description An authenticated user can manipulate performance-related log data or inject crafted data into logfiles. This could potentially enable further malicious attacks. Performance logging is...

CVE-2010-3022

Cross-site scripting XSS vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths i...

CVE-2010-3022

CVE-2010-3022 is a cross-site scripting (XSS) vulnerability in the Drupal Devel module's Performance logging component. Affected versions are Drupal Devel module 5.x prior to 5.x-1.3 and 6.x prior to 6.x-1.21. The issue allows remote authenticated users, granted add url aliases and report access ...

SA-CONTRIB-2010-079 - Devel (Performance logging) - Cross Site Scripting

The devel project is a suite of modules for developers and themers. Within the devel project, there is the performance logging module. The module does not escape URLs comprised of node paths, leading to a Cross Site Scripting XSS vulnerability. Users with the permission to access the reports that...