2.1
CVE-2010-2000
- EPSS 0.23%
- Published 20.05.2010 17:30:01
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.
Data is provided by the National Vulnerability Database (NVD)
Ron Jerome ≫ Bibliography Version5.x-1.0
Ron Jerome ≫ Bibliography Version5.x-1.1
Ron Jerome ≫ Bibliography Version5.x-1.10
Ron Jerome ≫ Bibliography Version5.x-1.11
Ron Jerome ≫ Bibliography Version5.x-1.12
Ron Jerome ≫ Bibliography Version5.x-1.13
Ron Jerome ≫ Bibliography Version5.x-1.14
Ron Jerome ≫ Bibliography Version5.x-1.15
Ron Jerome ≫ Bibliography Version5.x-1.16
Ron Jerome ≫ Bibliography Version5.x-1.17
Ron Jerome ≫ Bibliography Version6.x-1.0
Ron Jerome ≫ Bibliography Version6.x-1.0 Updaterc1
Ron Jerome ≫ Bibliography Version6.x-1.0 Updaterc2
Ron Jerome ≫ Bibliography Version6.x-1.0 Updaterc3
Ron Jerome ≫ Bibliography Version6.x-1.0 Updaterc4
Ron Jerome ≫ Bibliography Version6.x-1.0 Updaterc5
Ron Jerome ≫ Bibliography Version6.x-1.0-beta1
Ron Jerome ≫ Bibliography Version6.x-1.0-beta2
Ron Jerome ≫ Bibliography Version6.x-1.0-beta3
Ron Jerome ≫ Bibliography Version6.x-1.0-beta4
Ron Jerome ≫ Bibliography Version6.x-1.0-beta5
Ron Jerome ≫ Bibliography Version6.x-1.0-beta6
Ron Jerome ≫ Bibliography Version6.x-1.0-beta7
Ron Jerome ≫ Bibliography Version6.x-1.0-beta8
Ron Jerome ≫ Bibliography Version6.x-1.0-beta9
Ron Jerome ≫ Bibliography Version6.x-1.1
Ron Jerome ≫ Bibliography Version6.x-1.2
Ron Jerome ≫ Bibliography Version6.x-1.3
Ron Jerome ≫ Bibliography Version6.x-1.4
Ron Jerome ≫ Bibliography Version6.x-1.5
Ron Jerome ≫ Bibliography Version6.x-1.6
Ron Jerome ≫ Bibliography Version6.x-1.x-dev
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.462 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:N/AC:H/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.