Unrated severityNVD Advisory· Published Mar 25, 2010· Updated Jun 16, 2026
CVE-2010-1108
CVE-2010-1108
Description
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:hashmarkconsulting:controlpanel:5.x-1.1:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:hashmarkconsulting:controlpanel:5.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:5.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:5.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:5.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:5.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:6.x-1.0-beta1:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:6.x-1.0-beta2:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:6.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:hashmarkconsulting:controlpanel:6.x-1.2:*:*:*:*:*:*:*
- Range: <=5.x-1.5 (5.x branch) and <=6.x-1.2 (6.x branch)
Patches
Vulnerability mechanics
References
5- drupal.org/node/686428nvdPatch
- drupal.org/node/690718nvdPatchVendor Advisory
- secunia.com/advisories/38280nvdVendor Advisory
- www.securityfocus.com/bid/37890nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/55769nvd
News mentions
0No linked articles in our index yet.