CVE-2010-1530
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Internationalization module for Drupal 6.x before 6.x-1.4 contains XSS vulnerabilities in block and string translations allowing authenticated users to inject arbitrary script.
Vulnerability
The Internationalization module for Drupal 6.x (versions prior to 6.x-1.4) contains multiple cross-site scripting (XSS) vulnerabilities in the i18nstrings and i18nblocks submodules. User-defined strings used for block translation and strings translated via the locale interface were not properly filtered before display, allowing injection of arbitrary web script or HTML [1].
Exploitation
An attacker must be an authenticated user with either the 'translate interface' or 'administer blocks' permission. They can insert malicious payloads through strings used in block translation or through the untranslated input field. The injected script executes when other users view the affected translated blocks or strings [1].
Impact
Successful XSS exploitation allows the attacker to execute arbitrary web script or HTML in the context of the victim's browser. This can lead to session hijacking, data theft, or gaining full administrative access if the victim is an administrator [1].
Mitigation
Update to Internationalization 6.x-1.4, released on 2010-04-07, and run the Drupal database update [2]. No workarounds are documented; upgrading is the recommended action [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:reyero:i18n:6.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.0:dev:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:reyero:i18n:6.x-1.3:*:*:*:*:*:*:*
- Range: <6.x-1.4
Patches
No patches discovered yet.
References
- drupal.org/node/764906 (nvd: Patch)
- drupal.org/node/764998 (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/39304 (nvd: Patch)
- secunia.com/advisories/39361 (nvd: Vendor Advisory)
- osvdb.org/63589 (nvd)
News mentions
No linked articles in our index yet.