CVE-2010-2250
N/A
N/A
Summary
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| drupal6 | drupal6 | 6.x before version 6.16 | affected |
Weaknesses
- cross site scripting
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2014/02/12/8
- https://security-tracker.debian.org/tracker/CVE-2010-2250
- https://www.drupal.org/node/731710
- https://www.openwall.com/lists/oss-security/2010/06/28/8
- https://www.drupal.org/node/731710
References
- http://www.openwall.com/lists/oss-security/2014/02/12/8
- https://security-tracker.debian.org/tracker/CVE-2010-2250
- https://www.drupal.org/node/731710
- https://www.openwall.com/lists/oss-security/2010/06/28/8
- https://www.drupal.org/node/731710
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.