Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

Remediation

References

CVE-2010-3094

Related Vulnerabilities

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)

PHP Other Vulnerability (CVE-2006-1608)

WordPress Plugin WP Activity Log SQL Injection (4.1.4)

WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)

PHP Other Vulnerability (CVE-2014-9425)

Severity

Low

Classification

CVE-2010-3094 CWE-707

Tags

Missing Update Known Vulnerabilities