CVE-2010-2250

Summary

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Affected Software

VendorProductVersion RangeStatus
drupal6drupal66.x before version 6.16affected

Weaknesses

  • cross site scripting

ADP Enrichment

CVE Program Container

Additional References

References