Vulnerability Name:

CVE-2010-1358 (CCN-55635)

Assigned:2010-01-13
Published:2010-01-13
Updated:2010-04-14
Summary:Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N)
1.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-1358

Source: CCN
Type: SA-CONTRIB-2010-006
Bibliography Module - Cross Site Scripting

Source: CONFIRM
Type: Patch, Vendor Advisory
http://drupal.org/node/683786

Source: CCN
Type: SA38207
Drupal Bibliography Module Script Insertion

Source: SECUNIA
Type: Vendor Advisory
38207

Source: CCN
Type: OSVDB ID: 61681
Bibliography Module for Drupal Unspecified XSS

Source: CCN
Type: OSVDB ID: 64598
Bibliography Module for Drupal Unspecified XSS

Source: BID
Type: Patch
37804

Source: CCN
Type: BID-37804
Drupal Bibliography Module HTML Injection Vulnerability

Source: XF
Type: UNKNOWN
bibliography-drupal-unspecified-xss(55635)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ron_jerome:bibliography:5.x-1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:5.x-1.x-dev:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta1:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta2:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta3:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta4:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta5:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta6:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta7:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta8:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.0-beta9:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ron_jerome:bibliography:6.x-1.x-dev:*:*:*:*:*:*:*
  • AND
  • cpe:/a:drupal:drupal:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ron_jerome bibliography 5.x-1.0
    ron_jerome bibliography 5.x-1.1
    ron_jerome bibliography 5.x-1.2
    ron_jerome bibliography 5.x-1.3
    ron_jerome bibliography 5.x-1.4
    ron_jerome bibliography 5.x-1.5
    ron_jerome bibliography 5.x-1.6
    ron_jerome bibliography 5.x-1.7
    ron_jerome bibliography 5.x-1.x-dev
    ron_jerome bibliography 6.x-1.0
    ron_jerome bibliography 6.x-1.0 rc1
    ron_jerome bibliography 6.x-1.0 rc2
    ron_jerome bibliography 6.x-1.0 rc3
    ron_jerome bibliography 6.x-1.0 rc4
    ron_jerome bibliography 6.x-1.0 rc5
    ron_jerome bibliography 6.x-1.0-beta1
    ron_jerome bibliography 6.x-1.0-beta2
    ron_jerome bibliography 6.x-1.0-beta3
    ron_jerome bibliography 6.x-1.0-beta4
    ron_jerome bibliography 6.x-1.0-beta5
    ron_jerome bibliography 6.x-1.0-beta6
    ron_jerome bibliography 6.x-1.0-beta7
    ron_jerome bibliography 6.x-1.0-beta8
    ron_jerome bibliography 6.x-1.0-beta9
    ron_jerome bibliography 6.x-1.1
    ron_jerome bibliography 6.x-1.2
    ron_jerome bibliography 6.x-1.3
    ron_jerome bibliography 6.x-1.4
    ron_jerome bibliography 6.x-1.5
    ron_jerome bibliography 6.x-1.6
    ron_jerome bibliography 6.x-1.x-dev
    drupal drupal *