MidnightBSD

Advisories for hashmarkconsulting

CVE-2010-1108 LOW

Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hashmarkconsulting controlpanel 6.x-1.0-beta1
hashmarkconsulting controlpanel 6.x-1.0-beta2
hashmarkconsulting controlpanel 5.x-1.4
hashmarkconsulting controlpanel 5.x-1.2
hashmarkconsulting controlpanel 5.x-1.1
hashmarkconsulting controlpanel 5.x-1.3
hashmarkconsulting controlpanel 5.x-1.5
hashmarkconsulting controlpanel 6.x-1.1
hashmarkconsulting controlpanel 6.x-1.2