CVE-2010-2472

N/A

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.

N/A

N/A

Drupal Locale module和dependent contributed modules 跨站脚本漏洞

Drupal是Drupal社区的一套使用PHP语言开发的开源内容管理系统。Locale module是其中的一个语言环境本地化模块。dependent contributed modules是使用在其中的第三方模块。 Drupal 6.16之前的6.x版本和5.22之前的5.x版本中的Locale module和dependent contributed modules存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

N/A

N/A