CVE-2010-3022

Published Aug 16, 2010

Last updated 3 months ago

CVSS info 2.6

Overview

Description: Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D2A0A4B-C98C-4009-9C4D-6B97AF93DAE7",
            "versionEndIncluding": "5x-1.2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28598F8A-82A9-4520-9277-9729547E7AAE",
            "versionEndIncluding": "6.x-1.20"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46E36EBD-7511-4CE5-B0B1-273B819F4B74"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C25C771D-7AB0-42D7-8B5E-6DCD95C05B50"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:5.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4B1E6E6-1599-49E6-9ADA-3E6B436FDDE8"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F35D9CF-45FB-49CF-8246-584FD30D3F80"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA3DFF2-7F61-41B0-92B9-7C3F957A5CF8"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9EE663F-EC06-448E-9682-E0782396C0AB"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B5ABA62-B08B-4C0E-A54C-B2557D209A35"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42539489-E85A-413A-8196-E726B277776F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA4C9B4B-41C8-4414-8484-E29B8A6EB945"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A1EC4C7-2327-4C5D-BB20-A8C35A193659"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE9E10E1-7F0A-45A1-B357-075F924B4CD5"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75060E0E-A937-4DA2-A12B-297CC8A85A35"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E24BD37-2BBE-48C2-94F0-9BD667ABAAEE"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB767686-6AF3-4984-8B1C-482E3BCEA10D"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE203571-F380-4784-875B-2BC6B3CD5F8F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE5ED195-87D9-42F0-AAB2-09C890C58A4A"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8943480E-5723-40B7-82B2-724F132C8911"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E466D2D8-2689-4568-B71E-F672B74C58F8"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14203628-6B66-455F-BFE3-498E521FB2EB"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C89017C5-2C36-4BA6-BA5B-75F8D9776E35"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04F0CC90-0F52-46DD-B142-5E9CF57E433C"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71B21D8A-2E51-4967-8F8F-3E385EB68A63"
          },
          {
            "criteria": "cpe:2.3:a:drupal:devel_module:6.x-1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC4266FD-FA2D-4B3B-9F8F-867B93B08E5A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References