CVE-2010-1539
Published Apr 26, 2010
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:N/AC:H/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFCD73E7-AF32-4D65-ADAB-C38A296F75FB"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3A0CCFC-92B9-48B2-9205-4C3FCD76E5C9"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9493361F-1EEC-44A7-98B9-C5C3384C202F"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBE717B5-ED74-4AE7-B5DD-B60FC48AAC47"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4D7D66A-3828-44CB-A38E-5052910A8588"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0F72183-AEB6-4EA6-9473-060055C0B5EC"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:5.x-2.x:dev:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFB1B349-52A8-46A1-AA9C-A018974661BF"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4831A82E-216B-40B6-BB69-251CBF6475F4"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAA18565-79DB-493A-981C-65E9E5A89740"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98FF3925-2D03-4E54-9596-5BDA6E807910"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66428E92-396C-435E-907C-CB44A7D49258"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D458714A-FD4A-4C89-ADF8-9A003749993C"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.0:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F93D053C-052C-402A-9DED-3BA81AF34053"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79FAA734-2CE6-4BC8-9A66-3A279F151658"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F1FA8BA-4393-4451-BD0C-BDDA08728BEA"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "162714F2-C953-48CE-9B65-67EEC3FE85EB"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6961C5A3-BB6E-4A1A-A777-AE20AAB0879E"
},
{
"criteria": "cpe:2.3:a:john_vandyk:workflow:6.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "352CD782-FB9C-4EC7-B99B-BF4E1063CFAD"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]