Your submission was sent successfully! Close

CVE-2010-2472

Published: 7 November 2019

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.

Priority

Medium

CVSS 3 base score: 4.8

Status

Package Release Status
drupal6
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(reached end-of-life)
maverick Not vulnerable
(6.18-1ubuntu1)
natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

raring Not vulnerable

saucy Does not exist

upstream
Released (6.18-1)