CVE-2010-2158 [Low] | XSS in Storm

Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-17	0.07%	0.17%	+0.10%
2	2023-03-07	1.05%	0.07%	-0.99%
3	2022-02-04	—	1.05%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-17

0.07%

0.17%

+0.10%

2023-03-07

1.05%

0.07%

-0.99%

2022-02-04

—

1.05%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
2.1	2.0	LOW	`AV:N/AC:H/Au:S/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	3.9	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

2.1

2.0

LOW

AV:N/AC:H/Au:S/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

3.9

2.9

[email protected]

Affected software / configurations for CVE-2010-2158

Vendor	Product	Version	Raw CPE
speedtech	storm	5.x-1.1	cpe:2.3:a:speedtech:storm:5.x-1.1:::::::*
speedtech	storm	5.x-1.2	cpe:2.3:a:speedtech:storm:5.x-1.2:::::::*
speedtech	storm	5.x-1.3	cpe:2.3:a:speedtech:storm:5.x-1.3:::::::*
speedtech	storm	5.x-1.4	cpe:2.3:a:speedtech:storm:5.x-1.4:::::::*
speedtech	storm	5.x-1.5	cpe:2.3:a:speedtech:storm:5.x-1.5:::::::*
speedtech	storm	5.x-1.6	cpe:2.3:a:speedtech:storm:5.x-1.6:::::::*
speedtech	storm	5.x-1.7	cpe:2.3:a:speedtech:storm:5.x-1.7:::::::*
speedtech	storm	5.x-1.8	cpe:2.3:a:speedtech:storm:5.x-1.8:::::::*
speedtech	storm	5.x-1.9	cpe:2.3:a:speedtech:storm:5.x-1.9:::::::*
speedtech	storm	5.x-1.10	cpe:2.3:a:speedtech:storm:5.x-1.10:::::::*
speedtech	storm	5.x-1.11	cpe:2.3:a:speedtech:storm:5.x-1.11:::::::*
speedtech	storm	5.x-1.12	cpe:2.3:a:speedtech:storm:5.x-1.12:::::::*
speedtech	storm	5.x-1.13	cpe:2.3:a:speedtech:storm:5.x-1.13:::::::*
speedtech	storm	5.x-1.14	cpe:2.3:a:speedtech:storm:5.x-1.14:::::::*
speedtech	storm	5.x-1.x	cpe:2.3:a:speedtech:storm:5.x-1.x:dev::::::
speedtech	storm	6.x-1.0	cpe:2.3:a:speedtech:storm:6.x-1.0:::::::*
speedtech	storm	6.x-1.1	cpe:2.3:a:speedtech:storm:6.x-1.1:::::::*
speedtech	storm	6.x-1.2	cpe:2.3:a:speedtech:storm:6.x-1.2:::::::*
speedtech	storm	6.x-1.3	cpe:2.3:a:speedtech:storm:6.x-1.3:::::::*
speedtech	storm	6.x-1.4	cpe:2.3:a:speedtech:storm:6.x-1.4:::::::*
speedtech	storm	6.x-1.5	cpe:2.3:a:speedtech:storm:6.x-1.5:::::::*
speedtech	storm	6.x-1.6	cpe:2.3:a:speedtech:storm:6.x-1.6:::::::*
speedtech	storm	6.x-1.7	cpe:2.3:a:speedtech:storm:6.x-1.7:::::::*
speedtech	storm	6.x-1.8	cpe:2.3:a:speedtech:storm:6.x-1.8:::::::*
speedtech	storm	6.x-1.9	cpe:2.3:a:speedtech:storm:6.x-1.9:::::::*
speedtech	storm	6.x-1.10	cpe:2.3:a:speedtech:storm:6.x-1.10:::::::*
speedtech	storm	6.x-1.11	cpe:2.3:a:speedtech:storm:6.x-1.11:::::::*
speedtech	storm	6.x-1.12	cpe:2.3:a:speedtech:storm:6.x-1.12:::::::*
speedtech	storm	6.x-1.13	cpe:2.3:a:speedtech:storm:6.x-1.13:::::::*
speedtech	storm	6.x-1.14	cpe:2.3:a:speedtech:storm:6.x-1.14:::::::*
speedtech	storm	6.x-1.15	cpe:2.3:a:speedtech:storm:6.x-1.15:::::::*
speedtech	storm	6.x-1.16	cpe:2.3:a:speedtech:storm:6.x-1.16:::::::*
speedtech	storm	6.x-1.17	cpe:2.3:a:speedtech:storm:6.x-1.17:::::::*
speedtech	storm	6.x-1.18	cpe:2.3:a:speedtech:storm:6.x-1.18:::::::*
speedtech	storm	6.x-1.19	cpe:2.3:a:speedtech:storm:6.x-1.19:::::::*
speedtech	storm	6.x-1.20	cpe:2.3:a:speedtech:storm:6.x-1.20:::::::*
speedtech	storm	6.x-1.21	cpe:2.3:a:speedtech:storm:6.x-1.21:::::::*
speedtech	storm	6.x-1.22	cpe:2.3:a:speedtech:storm:6.x-1.22:::::::*
speedtech	storm	6.x-1.23	cpe:2.3:a:speedtech:storm:6.x-1.23:::::::*
speedtech	storm	6.x-1.24	cpe:2.3:a:speedtech:storm:6.x-1.24:::::::*
speedtech	storm	6.x-1.25	cpe:2.3:a:speedtech:storm:6.x-1.25:::::::*
speedtech	storm	6.x-1.26	cpe:2.3:a:speedtech:storm:6.x-1.26:::::::*
speedtech	storm	6.x-1.27	cpe:2.3:a:speedtech:storm:6.x-1.27:::::::*
speedtech	storm	6.x-1.28	cpe:2.3:a:speedtech:storm:6.x-1.28:::::::*
speedtech	storm	6.x-1.29	cpe:2.3:a:speedtech:storm:6.x-1.29:::::::*
speedtech	storm	6.x-1.30	cpe:2.3:a:speedtech:storm:6.x-1.30:::::::*
speedtech	storm	6.x-1.31	cpe:2.3:a:speedtech:storm:6.x-1.31:::::::*
speedtech	storm	6.x-1.32	cpe:2.3:a:speedtech:storm:6.x-1.32:::::::*
speedtech	storm	6.x-1.x	cpe:2.3:a:speedtech:storm:6.x-1.x:dev::::::

References for CVE-2010-2158

URL	Tags
http://drupal.org/node/803770	Patch Vendor Advisory
http://secunia.com/advisories/39732	Vendor Advisory

URL

CVE-2010-2158

Exploit prediction scoring system (EPSS) score for CVE-2010-2158

Common vulnerability scoring system (CVSS) metrics for CVE-2010-2158

Weakness enumeration for CVE-2010-2158

Affected software / configurations for CVE-2010-2158

References for CVE-2010-2158