{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/803770"}, {"name": "39732", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39732"}, {"name": "20100512 Drupal storm 1.32", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"}, {"name": "drupal-storm-unspecified-xss(58717)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"}, {"name": "40288", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40288"}, {"name": "64616", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/64616"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://drupal.org/node/803770", "refsource": "CONFIRM", "url": "http://drupal.org/node/803770"}, {"name": "39732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39732"}, {"name": "20100512 Drupal storm 1.32", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"}, {"name": "drupal-storm-unspecified-xss(58717)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"}, {"name": "40288", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40288"}, {"name": "64616", "refsource": "OSVDB", "url": "http://www.osvdb.org/64616"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:25:06.337Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/803770"}, {"name": "39732", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39732"}, {"name": "20100512 Drupal storm 1.32", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"}, {"name": "drupal-storm-unspecified-xss(58717)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"}, {"name": "40288", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40288"}, {"name": "64616", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/64616"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2123", "datePublished": "2010-06-01T21:00:00", "dateReserved": "2010-06-01T00:00:00", "dateUpdated": "2024-08-07T02:25:06.337Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "718B4A5C-F2A9-42DC-80D4-DE35DE71BDD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA7F66DF-755B-457F-9086-28A676F3BCCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B76EE866-8CAE-484A-B5EC-7C0D6B9AC8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4FD9336-F070-4D59-8DF2-17D6A70170EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "31848202-5DCB-41AC-A2EA-8E30FC516D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "99211688-2C2C-4C99-97FB-4D3D04B2116D", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B46AB4CD-A59C-49DE-8FFE-5D2E8BEB6339", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "B013C8A8-5DF0-4A60-B68A-2D4BF152247C", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2DCB50B2-2BC2-467C-AFE3-7CEBD0B1F49A", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4F907A10-5426-4FF6-B6A2-1BFC7C83C876", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.11:*:*:*:*:*:*:*", "matchCriteriaId": "664E489B-0809-4A04-9878-A61C5B6077B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.12:*:*:*:*:*:*:*", "matchCriteriaId": "CEE28A75-4746-42D4-B68C-85E16FA45F89", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.13:*:*:*:*:*:*:*", "matchCriteriaId": "C2735DC9-317B-47C4-9A1F-BF63CB42888F", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.14:*:*:*:*:*:*:*", "matchCriteriaId": "D7C1F2ED-21D4-4B58-893A-938955B017EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:5.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "1A4CC6D5-0B84-4485-8287-544297D6C51D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "43E635EA-61AC-40A4-8288-73E3E5FCE13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "11A4BD8A-BFFE-44A2-AA57-CC81360899B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "24D5FF1D-D6EE-4F15-B8E8-B41031D88477", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "733ED38A-A409-4E4E-BE2F-9B7B2C6C4FFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "54BBE17E-4AF9-4290-AC58-CCB9AE3A06AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CF3B42E5-EB25-4117-B36F-59DE9C78D549", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7E8954D9-44A9-4E71-822D-0A691E93EE3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "66662533-AC69-4D65-933D-58168C7B75B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "716B8287-EF97-4738-9D4A-DB6C95212A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "86D011B0-9806-4195-93FE-303ACB24D234", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*", "matchCriteriaId": "2080F0BE-E4A8-445B-831C-D18489E95E48", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*", "matchCriteriaId": "57166D33-B6B0-47DE-9603-436F083F0393", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*", "matchCriteriaId": "A4B53D24-33A2-4630-8A7B-3DEB0A91B975", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*", "matchCriteriaId": "9D8E59A5-5CE4-4922-8368-E6FD0FBF87D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C8D13A0F-E7A2-447A-AC78-A226C190BDFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*", "matchCriteriaId": "0914D667-3C7F-48CB-BF14-04109450B69F", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*", "matchCriteriaId": "9C250B6F-304B-4BA6-B2C5-897A76E33762", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*", "matchCriteriaId": "D53C8B02-0D37-4BFF-87FD-618A88785309", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*", "matchCriteriaId": "FE1F5F72-265B-42C0-B665-0C219C594701", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*", "matchCriteriaId": "0D851C9E-FA2D-48B8-AB77-3E49B312348E", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*", "matchCriteriaId": "19044A29-2043-4D6E-BA6E-C055994A746D", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*", "matchCriteriaId": "3D324D19-629A-4512-9714-2EBE85FFBFA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*", "matchCriteriaId": "F4286A4F-BFBA-44F4-88E9-3976C0AE7928", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*", "matchCriteriaId": "0E68EDCB-AD88-4C88-B058-001BEB684131", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*", "matchCriteriaId": "E7AC535E-0ACB-4F0C-871E-8184991F6C53", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.25:*:*:*:*:*:*:*", "matchCriteriaId": "3230D853-6AB9-4C10-929D-89DA826A26B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.26:*:*:*:*:*:*:*", "matchCriteriaId": "640596F7-8AB3-4F81-83B3-E42E297708C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.27:*:*:*:*:*:*:*", "matchCriteriaId": "91CF5833-C397-472F-BFB2-D306C057E550", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.28:*:*:*:*:*:*:*", "matchCriteriaId": "35BCDA12-AA33-4BB4-AAA4-ED893669EAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.29:*:*:*:*:*:*:*", "matchCriteriaId": "1AD87EF1-7E01-43FE-A1A0-C4A60F2CE77A", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.30:*:*:*:*:*:*:*", "matchCriteriaId": "7A424B64-2FD8-4C42-B446-81B9C1FE18EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.31:*:*:*:*:*:*:*", "matchCriteriaId": "5AA7D1D7-644D-4EEC-8783-0AC3A0C1118E", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.32:*:*:*:*:*:*:*", "matchCriteriaId": "469D3270-AE50-4098-89C7-DDF21A5372A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "6939DD1F-D81F-4589-A07B-967FBFACB7BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.php; the (10) title (aka Project) parameter in a stormticket action to index.php; or (11) unspecified parameters in a stormproject action to index.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Storm v5.x y v6.x anterior a v6.x-1.33para Drupal permite a usuarios autenticados remotamente, con ciertos privilegios del m\u00f3dulo, inyectar c\u00f3digo web o HTML a trav\u00e9s de los par\u00e1metros (1) fullname, (2) address, (3) city, (4) provstate (tambi\u00e9n conocido como state), (5) phone, o (6) taxid en una acci\u00f3n \"stormorganization\" en index.php; el par\u00e1metro (7) name en una acci\u00f3n \"stormperson\" en index.php; los par\u00e1metros (8) stepno (tambi\u00e9n conocido como Step no.) o (9) title en una acci\u00f3n \"stormtask\" en index.php; el par\u00e1metro (10) title (tambi\u00e9n conocido como Project) en una cci\u00f3n \"stormticket\" en index.php; o (11) par\u00e1metros sin especificar en una acci\u00f3n \"stormproject\" en index.php. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros"}], "id": "CVE-2010-2123", "lastModified": "2017-08-17T01:32:37.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-06-01T21:30:01.103", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory", "Patch"], "url": "http://drupal.org/node/803770"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39732"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/64616"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/40288"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58717"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}