WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2472)

Description

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.

Remediation

References

Related Vulnerabilities

Nginx CVE-2010-4180 Vulnerability (CVE-2010-4180)

Bootstrap Table Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1726)

WordPress Plugin NextGEN Smooth Gallery 'galleryID' Parameter SQL Injection (1.2)

WordPress Plugin Booking Calendar Cross-Site Request Forgery (4.1.5)

WordPress Plugin The Events Calendar Open Redirect (4.1.1)

Severity

Medium

Classification

CVE-2010-2472 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities