Vulnerability Database

296,213

Total vulnerabilities in the database

CVE-2010-2048

Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: May 25, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2048
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
menhir / heartbeat	6.x-2.3	6.x-2.3.x
menhir / heartbeat	6.x-2.3-beta1	6.x-2.3-beta1.x
menhir / heartbeat	6.x-2.3-beta2	6.x-2.3-beta2.x
menhir / heartbeat	6.x-3.2	6.x-3.2.x
menhir / heartbeat	6.x-3.3	6.x-3.3.x
menhir / heartbeat	6.x-3.x-dev	6.x-3.x-dev.x
menhir / heartbeat	6.x-4.0	6.x-4.0.x
menhir / heartbeat	6.x-4.1	6.x-4.1.x
menhir / heartbeat	6.x-4.2	6.x-4.2.x
menhir / heartbeat	6.x-4.3-beta3	6.x-4.3-beta3.x
menhir / heartbeat	6.x-4.3	6.x-4.3.x
menhir / heartbeat	6.x-4.3-beta1	6.x-4.3-beta1.x
menhir / heartbeat	6.x-4.3-beta2	6.x-4.3-beta2.x
menhir / heartbeat	6.x-4.4	6.x-4.4.x
menhir / heartbeat	6.x-4.5	6.x-4.5.x
menhir / heartbeat	6.x-4.6	6.x-4.6.x
menhir / heartbeat	6.x-4.7	6.x-4.7.x
menhir / heartbeat	6.x-4.8	6.x-4.8.x
menhir / heartbeat	6.x-4.x-dev	6.x-4.x-dev.x