CVSS: 5.4EPSS: 0%CPEs: 51EXPL: 0CVE-2010-2158
https://notcve.org/view.php?id=CVE-2010-2158
07 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS)... • http://drupal.org/node/803770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 51EXPL: 1CVE-2010-2123
https://notcve.org/view.php?id=CVE-2010-2123
01 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.p... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2009-4515
https://notcve.org/view.php?id=CVE-2009-4515
31 Dec 2009 — The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors. El módulo Storm v6.x anterior a v6.x-1.25 para Drupal, no refuerza los requisitos de privilegios para los nodos storminvoiceitem; esto permite a atacantes remotos leer los títulos de los nodos a través de vectores no especificados. • http://drupal.org/node/617480 • CWE-264: Permissions, Privileges, and Access Controls •