VYPR
Unrated severityNVD Advisory· Published Jan 21, 2010· Updated Jun 16, 2026

CVE-2010-0370

CVE-2010-0370

Description

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:roger_lopez:nodeblock:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:roger_lopez:nodeblock:*:*:*:*:*:*:*:*range: <=5.x-1.1
    • cpe:2.3:a:thomas_turnbull:nodeblock:*:*:*:*:*:*:*:*range: <=6.x-1.3
    • cpe:2.3:a:thomas_turnbull:nodeblock:6.x-1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:thomas_turnbull:nodeblock:6.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:thomas_turnbull:nodeblock:6.x-1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:thomas_turnbull:nodeblock:6.x-1.x:dev:*:*:*:*:*:*
  • Range: <=5.x-1.1, <=6.x-1.3

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.