Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:S/C:N/I:P/A:N
Vendors Products
Wimleers
  • Hierarchical Select
Drupal
  • Drupal

Configuration 1 [-]

AND
OR cpe:2.3:a:wimleers:hierarchical_select:5.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-1.x:dev:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:beta2:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.1:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.2:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-2.x:dev:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc5:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc6:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.0:rc7:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.1:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:5.x-3.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:wimleers:hierarchical_select:6.x-3.0:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:6.x-3.1:*:*:*:*:*:*:*
cpe:2.3:a:wimleers:hierarchical_select:6.x-3.x:dev:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
References
Link Resource
http://drupal.org/node/847488 Patch Vendor Advisory
http://osvdb.org/66117
http://secunia.com/advisories/40440 Vendor Advisory
http://www.securityfocus.com/bid/41450 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/60158
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-07-13T18:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-07-13T00:00:00

Link: CVE-2010-2724

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-07-13T18:30:02.467

Modified: 2017-08-17T01:32:48.713

Link: CVE-2010-2724

JSON object: View

cve-icon Redhat Information

No data.

CWE