VIR Vulnerability Intelligence Relay

CVE-2010-3094

low
Published 2010-09-21 · Modified 2024-02-08
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

Drupal cross-site scripting vulnerability via actions feature and trigger module

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://drupal.org/node/880476

Package impact
EcosystemPackageVulnerableFixed
php Packagistdrupal/drupal>=6.0,<6.186.18

Application impact
VendorProductVersionsFixed
drupaldrupal6.0
drupaldrupal6.1
drupaldrupal6.2
drupaldrupal6.3
drupaldrupal6.4
drupaldrupal6.5
drupaldrupal6.6
drupaldrupal6.7
drupaldrupal6.8
drupaldrupal6.9
drupaldrupal6.10
drupaldrupal6.11
drupaldrupal6.12
drupaldrupal6.13
drupaldrupal6.14
drupaldrupal6.15
drupaldrupal6.16
drupaldrupal6.17

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.