Launchpad.net

CVE 2010-3094

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module.

Related bugs and status

CVE-2010-3094 (Candidate) is related to these bugs:

Bug #539056: backport security fixes from 6.19 and 5.23

		In	Importance	Status
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Hardy)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Hardy)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Jaunty)	Undecided	Won't Fix
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Jaunty)	Undecided	Won't Fix
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Karmic)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Karmic)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Lucid)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Lucid)	Medium	Fix Released
539056	backport security fixes from 6.19 and 5.23	drupal5 (Ubuntu Maverick)	Undecided	Invalid
539056	backport security fixes from 6.19 and 5.23	drupal6 (Ubuntu Maverick)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3094

Related bugs and status

Related bugs

References