CVE-2010-1536

{"id": "CVE-2010-1536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-04-26T19:30:00.380", "references": [{"url": "http://drupal.org/node/731568", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/731576", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/731578", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38818", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/38513", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo AddThis Button v5.x anterior a v5.x-2.2 y v6.x anterior a v6.x-2.9 para Drupal permite a usuarios autenticados en remoto con privilegios de administrar addthis, inyectar secuencias de comandos Web o HTML mediante vectores no especificados"}], "lastModified": "2010-04-27T16:04:36.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mearra:addthis:5.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADCD5F83-31E8-4207-B35F-684F0E519516"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09639FCD-6A4E-4E65-B0F6-90E1321953A0"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7353C01-7FC5-4483-98E4-6AAE7BD5D551"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AC7858D-9736-46B5-9CE1-052F62123836"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9675F78-FF3C-464B-B1CE-596173E66073"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98DA58F2-F6D4-470A-B1FA-CE5C990A194C"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "558CAEA2-D27F-42FD-900D-99C99D2368D2"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "354857C5-C14C-40CC-A324-017878419C8D"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B51DC7-1EA9-4CDA-A7E8-1558C68093BD"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E0F0DC8-070C-457E-A1FF-344D1F5E81F4"}, {"criteria": "cpe:2.3:a:mearra:addthis:5.x-2.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AF7BACF-7FD1-488B-872C-E54CFD93546B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mearra:addthis:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DEC5BCC-22F5-4D17-85BB-80BF4096B987"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC2F2CFA-8440-417C-A255-AB61A7A2D9D0"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F25C991A-C280-4351-A56F-BCF77F76B469"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34F00641-B342-4AB8-AA54-2EB9998622EF"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDA73C3F-8582-44D3-B316-C57E47B5B7D7"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5D9E571-7347-4CAC-88E9-2977EAAC83B3"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0E48F1-0C6C-4F6A-A044-E8688D6B250D"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31539DC9-8915-4BDE-A0BB-EF18D64D4B75"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "635C2B26-9B69-4B9E-A9C6-BD007403B921"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4264E740-50B8-4BBD-85E1-D036E02232CD"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB223E02-FE7C-45A8-A293-96C7D7EC52A0"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7127BE9C-E65C-46E4-AF52-D69A6E135494"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20B3CA84-E74C-4A4C-8BD3-E74F3C493888"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26C416F9-BA5A-4F76-9B2E-0A07BE051846"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "688351C1-2ED9-47BD-9D40-C4C969FDF529"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94933D54-D059-420E-A90A-578F647792B6"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E13DA4-FFC1-4022-AD55-7D0246850D57"}, {"criteria": "cpe:2.3:a:mearra:addthis:6.x-2.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11AAB1D-02C6-4CAF-9BD8-62A6E54EA114"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}