CVE-2010-2472: XSS
First published: Thu Nov 07 2019(Updated: )
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Drupal | >=6.0<6.16 | |
| Drupal Drupal | >=5.0<5.22 | |
| debian/drupal6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-2472?
The severity of CVE-2010-2472 is medium.
How does CVE-2010-2472 affect Drupal?
CVE-2010-2472 affects Drupal versions 6.x before 6.16 and 5.x before 5.22.
What is the vulnerability in CVE-2010-2472?
The vulnerability in CVE-2010-2472 is a cross-site scripting (XSS) attack.
What is the mitigation for CVE-2010-2472?
There are no known remedies for CVE-2010-2472.
Where can I find more information about CVE-2010-2472?
You can find more information about CVE-2010-2472 at the following references: [link1] [link2] [link3]
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- vendor/drupal
- canonical/drupal drupal
- version/drupal drupal/6.0
- version/drupal drupal/5.0
- package-manager/debian