Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Speedtech Storm模块多个跨站脚本攻击漏洞
Vulnerability Description
Drupal是很著名的开源内容管理平台,仿照了blog程序模式,但比普通的blog更灵活,可以做各种网站的内容管理平台。 Drupal的Storm模块存在多个跨站脚本攻击(XSS)漏洞,拥有某些模块权限的远程认证用户可利用index.php stromperson功能的(1)全称,(2)电话,或(3)im参数注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A