CVE-2010-2123
The CVE-2010-2123 entry describes multiple XSS vulnerabilities in Drupal’s Storm module (5.x and 6.x) prior to 6.x-1.33. The root cause is improper handling of user-supplied input in stormorganization, stormperson, stormtask, stormticket, and stormproject actions (via parameters such as fullname,...
CVE-2010-2158
The CVE-2010-2158 entry describes XSS vulnerabilities in the Drupal Storm module (versions 5.x and 6.x prior to 6.x-1.33). The issue is triggered by user-supplied values in the stormperson action, specifically the parameters fullname, phone, or im, which can be exploited by remote authenticated u...
CVE-2009-4515
The Storm module for Drupal (6.x before 6.x-1.25) does not enforce privilege requirements for storminvoiceitem nodes, allowing remote attackers to read node titles via unspecified vectors. This affects confidentiality (partial). No exploit details are provided in the documents. Remediation: upgra...