CVE-2010-1584

Published May 19, 2010

Last updated 7 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:steven_jones:context:*:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD2CCED-EEF0-4F89-812A-401736B46244",
            "versionEndIncluding": "6.x-2.0"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5502A2B-D8D1-4BC9-8902-C9F9A8C2AF6F"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B2438DF-817D-46D4-885D-CF6052BF4166"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF39898-9E79-4B1C-BC00-B37CCA30088B"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BA71873-1CCC-4447-8C98-31FDA002AAEA"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFE54DF-B6F2-4ECF-9283-DA3836D1DDAB"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4274C682-9E48-432D-9CA2-5CDB054864DD"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBBBDCEA-521C-46D1-9A35-2EA3234A3E6A"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C704EE-E219-453C-BFE5-2B1E607B588A"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26EA9E05-CE12-4D64-A766-ED60D20C3923"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "903398AF-285F-4255-95B7-3FE4270AECF1"
          },
          {
            "criteria": "cpe:2.3:a:steven_jones:context:6.x-2.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F892763E-1C37-46D9-9DE3-3FC73F11F628"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References