CVE-2010-2250

Опубликовано: 07 нояб. 2019

Источник: debian

EPSS Низкий

Описание

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
drupal6	fixed	6.18-1		package

EPSS

Процентиль: 70%

0.00673

Низкий

Связанные уязвимости

CVE-2010-2250

CVSS3: 6.1

ubuntu

больше 5 лет назад

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

CVE-2010-2250

CVSS3: 6.1

nvd

больше 5 лет назад

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

GHSA-jq73-c7h9-wr72

github

около 3 лет назад

Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

EPSS

Процентиль: 70%

0.00673

Низкий