CVE-2010-2123
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information.
Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Storm v5.x y v6.x anterior a v6.x-1.33para Drupal permite a usuarios autenticados remotamente, con ciertos privilegios del módulo, inyectar código web o HTML a través de los parámetros (1) fullname, (2) address, (3) city, (4) provstate (también conocido como state), (5) phone, o (6) taxid en una acción "stormorganization" en index.php; el parámetro (7) name en una acción "stormperson" en index.php; los parámetros (8) stepno (también conocido como Step no.) o (9) title en una acción "stormtask" en index.php; el parámetro (10) title (también conocido como Project) en una cción "stormticket" en index.php; o (11) parámetros sin especificar en una acción "stormproject" en index.php. NOTA: algunos de estos detalles se han obtenido de información de terceros
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-06-01 CVE Reserved
- 2010-06-01 CVE Published
- 2024-07-19 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.osvdb.org/64616 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/58717 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/803770 | 2017-08-17 | |
| http://www.securityfocus.com/bid/40288 | 2017-08-17 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/39732 | 2017-08-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.1 Search vendor "Speedtech" for product "Storm" and version "5.x-1.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.2 Search vendor "Speedtech" for product "Storm" and version "5.x-1.2" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.3 Search vendor "Speedtech" for product "Storm" and version "5.x-1.3" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.4 Search vendor "Speedtech" for product "Storm" and version "5.x-1.4" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.5 Search vendor "Speedtech" for product "Storm" and version "5.x-1.5" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.6 Search vendor "Speedtech" for product "Storm" and version "5.x-1.6" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.7 Search vendor "Speedtech" for product "Storm" and version "5.x-1.7" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.8 Search vendor "Speedtech" for product "Storm" and version "5.x-1.8" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.9 Search vendor "Speedtech" for product "Storm" and version "5.x-1.9" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.10 Search vendor "Speedtech" for product "Storm" and version "5.x-1.10" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.11 Search vendor "Speedtech" for product "Storm" and version "5.x-1.11" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.12 Search vendor "Speedtech" for product "Storm" and version "5.x-1.12" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.13 Search vendor "Speedtech" for product "Storm" and version "5.x-1.13" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.14 Search vendor "Speedtech" for product "Storm" and version "5.x-1.14" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 5.x-1.x Search vendor "Speedtech" for product "Storm" and version "5.x-1.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.0 Search vendor "Speedtech" for product "Storm" and version "6.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.1 Search vendor "Speedtech" for product "Storm" and version "6.x-1.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.2 Search vendor "Speedtech" for product "Storm" and version "6.x-1.2" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.3 Search vendor "Speedtech" for product "Storm" and version "6.x-1.3" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.4 Search vendor "Speedtech" for product "Storm" and version "6.x-1.4" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.5 Search vendor "Speedtech" for product "Storm" and version "6.x-1.5" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.6 Search vendor "Speedtech" for product "Storm" and version "6.x-1.6" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.7 Search vendor "Speedtech" for product "Storm" and version "6.x-1.7" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.8 Search vendor "Speedtech" for product "Storm" and version "6.x-1.8" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.9 Search vendor "Speedtech" for product "Storm" and version "6.x-1.9" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.10 Search vendor "Speedtech" for product "Storm" and version "6.x-1.10" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.11 Search vendor "Speedtech" for product "Storm" and version "6.x-1.11" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.12 Search vendor "Speedtech" for product "Storm" and version "6.x-1.12" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.13 Search vendor "Speedtech" for product "Storm" and version "6.x-1.13" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.14 Search vendor "Speedtech" for product "Storm" and version "6.x-1.14" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.15 Search vendor "Speedtech" for product "Storm" and version "6.x-1.15" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.16 Search vendor "Speedtech" for product "Storm" and version "6.x-1.16" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.17 Search vendor "Speedtech" for product "Storm" and version "6.x-1.17" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.18 Search vendor "Speedtech" for product "Storm" and version "6.x-1.18" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.19 Search vendor "Speedtech" for product "Storm" and version "6.x-1.19" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.20 Search vendor "Speedtech" for product "Storm" and version "6.x-1.20" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.21 Search vendor "Speedtech" for product "Storm" and version "6.x-1.21" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.22 Search vendor "Speedtech" for product "Storm" and version "6.x-1.22" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.23 Search vendor "Speedtech" for product "Storm" and version "6.x-1.23" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.24 Search vendor "Speedtech" for product "Storm" and version "6.x-1.24" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.25 Search vendor "Speedtech" for product "Storm" and version "6.x-1.25" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.26 Search vendor "Speedtech" for product "Storm" and version "6.x-1.26" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.27 Search vendor "Speedtech" for product "Storm" and version "6.x-1.27" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.28 Search vendor "Speedtech" for product "Storm" and version "6.x-1.28" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.29 Search vendor "Speedtech" for product "Storm" and version "6.x-1.29" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.30 Search vendor "Speedtech" for product "Storm" and version "6.x-1.30" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.31 Search vendor "Speedtech" for product "Storm" and version "6.x-1.31" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.32 Search vendor "Speedtech" for product "Storm" and version "6.x-1.32" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Speedtech Search vendor "Speedtech" | Storm Search vendor "Speedtech" for product "Storm" | 6.x-1.x Search vendor "Speedtech" for product "Storm" and version "6.x-1.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|