CVE-2010-2158

CVSS Severity: Low
Published: Jun 07, 2010
Last Modified: Apr 11, 2025

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Known Affected Software

49 configurations from 1 vendor

Product  Version    CPE
storm    5.x-1.7    cpe:2.3:a:speedtech:storm:5.x-1.7:*:*:*:*:*:*:*
storm    6.x-1.26   cpe:2.3:a:speedtech:storm:6.x-1.26:*:*:*:*:*:*:*
storm    6.x-1.24   cpe:2.3:a:speedtech:storm:6.x-1.24:*:*:*:*:*:*:*
storm    5.x-1.6    cpe:2.3:a:speedtech:storm:5.x-1.6:*:*:*:*:*:*:*
storm    6.x-1.11   cpe:2.3:a:speedtech:storm:6.x-1.11:*:*:*:*:*:*:*
storm    5.x-1.14   cpe:2.3:a:speedtech:storm:5.x-1.14:*:*:*:*:*:*:*
storm    6.x-1.2    cpe:2.3:a:speedtech:storm:6.x-1.2:*:*:*:*:*:*:*
storm    6.x-1.8    cpe:2.3:a:speedtech:storm:6.x-1.8:*:*:*:*:*:*:*
storm    6.x-1.5    cpe:2.3:a:speedtech:storm:6.x-1.5:*:*:*:*:*:*:*
storm    6.x-1.30   cpe:2.3:a:speedtech:storm:6.x-1.30:*:*:*:*:*:*:*
storm    5.x-1.11   cpe:2.3:a:speedtech:storm:5.x-1.11:*:*:*:*:*:*:*
storm    5.x-1.x    cpe:2.3:a:speedtech:storm:5.x-1.x:dev:*:*:*:*:*:*
storm    6.x-1.31   cpe:2.3:a:speedtech:storm:6.x-1.31:*:*:*:*:*:*:*
storm    6.x-1.18   cpe:2.3:a:speedtech:storm:6.x-1.18:*:*:*:*:*:*:*
storm    6.x-1.21   cpe:2.3:a:speedtech:storm:6.x-1.21:*:*:*:*:*:*:*
storm    6.x-1.0    cpe:2.3:a:speedtech:storm:6.x-1.0:*:*:*:*:*:*:*
storm    6.x-1.15   cpe:2.3:a:speedtech:storm:6.x-1.15:*:*:*:*:*:*:*
storm    6.x-1.7    cpe:2.3:a:speedtech:storm:6.x-1.7:*:*:*:*:*:*:*
storm    6.x-1.19   cpe:2.3:a:speedtech:storm:6.x-1.19:*:*:*:*:*:*:*
storm    5.x-1.10   cpe:2.3:a:speedtech:storm:5.x-1.10:*:*:*:*:*:*:*
storm    6.x-1.22   cpe:2.3:a:speedtech:storm:6.x-1.22:*:*:*:*:*:*:*
storm    5.x-1.8    cpe:2.3:a:speedtech:storm:5.x-1.8:*:*:*:*:*:*:*
storm    5.x-1.2    cpe:2.3:a:speedtech:storm:5.x-1.2:*:*:*:*:*:*:*
storm    6.x-1.1    cpe:2.3:a:speedtech:storm:6.x-1.1:*:*:*:*:*:*:*
storm    6.x-1.20   cpe:2.3:a:speedtech:storm:6.x-1.20:*:*:*:*:*:*:*
storm    6.x-1.x    cpe:2.3:a:speedtech:storm:6.x-1.x:dev:*:*:*:*:*:*
storm    6.x-1.17   cpe:2.3:a:speedtech:storm:6.x-1.17:*:*:*:*:*:*:*
storm    6.x-1.14   cpe:2.3:a:speedtech:storm:6.x-1.14:*:*:*:*:*:*:*
storm    6.x-1.3    cpe:2.3:a:speedtech:storm:6.x-1.3:*:*:*:*:*:*:*
storm    6.x-1.4    cpe:2.3:a:speedtech:storm:6.x-1.4:*:*:*:*:*:*:*
storm    5.x-1.3    cpe:2.3:a:speedtech:storm:5.x-1.3:*:*:*:*:*:*:*
storm    6.x-1.27   cpe:2.3:a:speedtech:storm:6.x-1.27:*:*:*:*:*:*:*
storm    6.x-1.9    cpe:2.3:a:speedtech:storm:6.x-1.9:*:*:*:*:*:*:*
storm    6.x-1.6    cpe:2.3:a:speedtech:storm:6.x-1.6:*:*:*:*:*:*:*
storm    5.x-1.1    cpe:2.3:a:speedtech:storm:5.x-1.1:*:*:*:*:*:*:*
storm    6.x-1.23   cpe:2.3:a:speedtech:storm:6.x-1.23:*:*:*:*:*:*:*
storm    6.x-1.13   cpe:2.3:a:speedtech:storm:6.x-1.13:*:*:*:*:*:*:*
storm    6.x-1.12   cpe:2.3:a:speedtech:storm:6.x-1.12:*:*:*:*:*:*:*
storm    5.x-1.13   cpe:2.3:a:speedtech:storm:5.x-1.13:*:*:*:*:*:*:*
storm    6.x-1.10   cpe:2.3:a:speedtech:storm:6.x-1.10:*:*:*:*:*:*:*
storm    6.x-1.32   cpe:2.3:a:speedtech:storm:6.x-1.32:*:*:*:*:*:*:*
storm    5.x-1.9    cpe:2.3:a:speedtech:storm:5.x-1.9:*:*:*:*:*:*:*
storm    5.x-1.4    cpe:2.3:a:speedtech:storm:5.x-1.4:*:*:*:*:*:*:*
storm    5.x-1.5    cpe:2.3:a:speedtech:storm:5.x-1.5:*:*:*:*:*:*:*
storm    6.x-1.28   cpe:2.3:a:speedtech:storm:6.x-1.28:*:*:*:*:*:*:*
storm    5.x-1.12   cpe:2.3:a:speedtech:storm:5.x-1.12:*:*:*:*:*:*:*
storm    6.x-1.16   cpe:2.3:a:speedtech:storm:6.x-1.16:*:*:*:*:*:*:*
storm    6.x-1.25   cpe:2.3:a:speedtech:storm:6.x-1.25:*:*:*:*:*:*:*
storm    6.x-1.29   cpe:2.3:a:speedtech:storm:6.x-1.29:*:*:*:*:*:*:*

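This vulnerability affects 49 software configurations. Ensure you patch all affected systems. The description above places the fix boundary for the 6.x branch at 6.x-1.33; it names no fixed release for the 5.x branch.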

Severity Details

Low (on the CVSS scale of 0 to 10.0)

Weakness Type (CWE)

CWE-79 (CWE Top 25: #1)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base

Key Information

Published Date: June 07, 2010