Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2010-2250 - Vulnerability Database

Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2010-2250

Medium

Reference: CVE-2010-2250

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-2250

Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.