Your submission was sent successfully! Close

CVE-2010-2250

Published: 07 November 2019

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
drupal6
Launchpad, Ubuntu, Debian
Upstream
Released (6.18-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist