Your submission was sent successfully! Close

CVE-2010-2250

Published: 7 November 2019

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
drupal6
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Not vulnerable
(6.18-1ubuntu1)
natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Does not exist

upstream
Released (6.18-1)