CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2002
https://notcve.org/view.php?id=CVE-2010-2002
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Wordfilter v5.x anteriores a v5.x-1.1 y 6.x anteriores v6.x-1.1 para Drupal permite a usuarios autenticados en remoto, con privilegios "administer words filtered", inyectar código web o HTML a través de una lista de palabras. • http://drupal.org/node/796618 http://drupal.org/node/796620 http://drupal.org/node/797208 http://secunia.com/advisories/39811 http://www.securityfocus.com/bid/40119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •