CVE-2010-2472
Last modified
CVE-2010-2472 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.. EPSS estimates a 0.76% chance of exploitation in the next 30 days.
Description
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 5.0, < 5.22 |
| Drupal | Drupal | >= 6.0, < 6.16 |
References
- https://security-tracker.debian.org/tracker/CVE-2010-2472Third Party Advisory
- https://www.drupal.org/node/731710Patch, Vendor Advisory
- https://www.openwall.com/lists/oss-security/2010/06/28/8Mailing List, Third Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2010-2472Third Party Advisory
- https://www.drupal.org/node/731710Patch, Vendor Advisory
- https://www.openwall.com/lists/oss-security/2010/06/28/8Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-2472?
How severe is CVE-2010-2472?
How do I fix CVE-2010-2472?
Are you affected by CVE-2010-2472?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST