Unrated severity · NVD Advisory · Published Nov 7, 2019 · Updated Aug 7, 2024
CVE-2010-2472
Description
The Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not properly sanitize language codes or native and English language names when displaying them, which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Affected products (2)
- drupal6/drupal6 v5 Range: 6.x before version 6.16
References (3)
- security-tracker.debian.org/tracker/CVE-2010-2472 (mitre, x_refsource_MISC)
- www.drupal.org/node/731710 (mitre, x_refsource_CONFIRM)
- www.openwall.com/lists/oss-security/2010/06/28/8 (mitre, mailing-list, x_refsource_MLIST)