VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1530

i18n: Multiple cross-site scripting (XSS) vulnerabilities...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1530

Original

Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-04-26

Source Information Category:

Advisory, Alert

Last Updated:

2010-04-27

Affected Product Tags

cpe:/a:drupal:drupal

cpe:/a:reyero:i18n:6.x-1.0

cpe:/a:reyero:i18n:6.x-1.0:beta1

cpe:/a:reyero:i18n:6.x-1.0:beta2

cpe:/a:reyero:i18n:6.x-1.0:beta3

cpe:/a:reyero:i18n:6.x-1.0:beta4

cpe:/a:reyero:i18n:6.x-1.0:beta6

cpe:/a:reyero:i18n:6.x-1.0:dev

cpe:/a:reyero:i18n:6.x-1.1

cpe:/a:reyero:i18n:6.x-1.2

cpe:/a:reyero:i18n:6.x-1.3

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 39304

CONFIRM http://drupal.org/node/764998

CONFIRM http://drupal.org/node/764906

OSVDB 63589

SECUNIA 39361

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)