Description

Drupal 5.x before 5.22 and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Remediation

References

CVE-2010-2250

Related Vulnerabilities

WordPress Plugin Plugmatter Optin Feature Box Multiple SQL Injection Vulnerabilities (2.0.13)

WordPress Plugin 404page-your smart custom 404 error page Cross-Site Request Forgery (10.3)

WebLogic CVE-2020-2766 Vulnerability (CVE-2020-2766)

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900)

Severity

Medium

Classification

CVE-2010-2250 CWE-707

Tags

Missing Update Known Vulnerabilities