Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

Remediation

References

CVE-2010-3094

Related Vulnerabilities

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-8769)

Contao CVE-2018-20028 Vulnerability (CVE-2018-20028)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0067)

Artifactory Insufficiently Protected Credentials Vulnerability (CVE-2018-1000424)

Oracle Database Server CVE-2018-3259 Vulnerability (CVE-2018-3259)

Severity

Low

Classification

CVE-2010-3094 CWE-707

Tags

Missing Update Known Vulnerabilities