CVE-2010-1584

Drupal 6.16 With Context 6.x-2.0-rc3 Cross Site Scripting

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.

Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Context anterior a v6.x-2.0-rc4 para Drupal permite a usuarios autenticados remotamente, con privilegios "Administer Blocks", inyectar código web o HTML a través de una descripción "block".

Drupal version 6.16 with Context 6.x-2.0-rc3 suffers from a cross site scripting vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Network

Attack Complexity

High

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-04-27 CVE Reserved
2010-05-10 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (9)

URL	Tag	Source
http://crackingdrupal.com/blog/greggles/mitigation-against-cve-2010-1584-drupal-context-module-xss	X_refsource_misc
http://drupal.org/cvs?commit=365210	X_refsource_confirm
http://drupal.org/node/794718	X_refsource_confirm
http://www.madirish.net/?article=457	X_refsource_misc
http://www.securityfocus.com/bid/40056	Vdb Entry
http://www.theregister.co.uk/2010/05/10/drupal_security_bug	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/58521	Vdb Entry

URL	Date	SRC
http://www.packetstormsecurity.com/1005-exploits/drupalab-xss.txt	2024-08-07

URL	Date	SRC
http://drupal.org/node/795118	2017-08-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	<= 6.x-2.0 Search vendor "Steven Jones" for product "Context" and version " <= 6.x-2.0"	rc3	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	alpha1	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	alpha2	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta1	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta2	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta3	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta4	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta5	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta6	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	beta7	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	rc1	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe
Steven Jones Search vendor "Steven Jones"	Context Search vendor "Steven Jones" for product "Context"	6.x-2.0 Search vendor "Steven Jones" for product "Context" and version "6.x-2.0"	rc2	Affected	in	Drupal Search vendor "Drupal"	Drupal Search vendor "Drupal" for product "Drupal"	*	-	Safe