GHSA-pjmx-4gc6-hwv8

Suggest an improvement
Source
https://github.com/advisories/GHSA-pjmx-4gc6-hwv8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pjmx-4gc6-hwv8/GHSA-pjmx-4gc6-hwv8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pjmx-4gc6-hwv8
Aliases
  • CVE-2010-3094
Published
2022-05-17T05:48:23Z
Modified
2024-02-08T16:11:36.132990Z
Summary
Drupal cross-site scripting vulnerability via actions feature and trigger module
Details

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

References

Affected packages

Packagist / drupal/drupal

Package

Name
drupal/drupal
Purl
pkg:composer/drupal/drupal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0
Fixed
6.18