Unrated severityNVD Advisory· Published Mar 25, 2010· Updated Apr 29, 2026

CVE-2010-1107

Description

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."

Affected products

Fourkitchens/Recent Comments5 versions
cpe:2.3:a:fourkitchens:recent_comments:5.x-1.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:fourkitchens:recent_comments:5.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:fourkitchens:recent_comments:5.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:fourkitchens:recent_comments:5.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:fourkitchens:recent_comments:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:fourkitchens:recent_comments:6.x-1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/688632nvdPatch
drupal.org/node/688636nvdPatch
drupal.org/node/690734nvdPatchVendor Advisory
www.securityfocus.com/bid/37898nvdPatch
secunia.com/advisories/38281nvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/55770nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000