CVE-2010-2250

Опубликовано: 07 нояб. 2019

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 6.1

Описание

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Релиз	Статус	Примечание
devel	DNE
hardy	DNE
lucid	ignored	end of life
maverick	not-affected	6.18-1ubuntu1
natty	not-affected
oneiric	not-affected
precise	not-affected
quantal	not-affected
raring	not-affected
saucy	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2010-2250

EPSS

Процентиль: 72%

0.00726

Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2010-2250

CVSS3: 6.1

nvd

около 6 лет назад

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

CVE-2010-2250

CVSS3: 6.1

debian

около 6 лет назад

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output du ...

GHSA-jq73-c7h9-wr72

github

почти 4 года назад

Drupal 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

EPSS

Процентиль: 72%

0.00726

Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

CVE-2010-2250

Описание

Пакет drupal6

Ссылки на источники

Связанные уязвимости