{"containers": {"cna": {"affected": [{"product": "drupal6", "vendor": "drupal6", "versions": [{"status": "affected", "version": "6.x before version 6.16"}, {"status": "affected", "version": "5.x before version 5.22"}]}], "descriptions": [{"lang": "en", "value": "Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."}], "problemTypes": [{"descriptions": [{"description": "module cross site scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-07T18:05:33", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-2472"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.drupal.org/node/731710"}, {"name": "MLIST: [oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2472", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "drupal6", "version": {"version_data": [{"version_value": "6.x before version 6.16"}, {"version_value": "5.x before version 5.22"}]}}]}, "vendor_name": "drupal6"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "module cross site scripting"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2010-2472", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2010-2472"}, {"name": "https://www.drupal.org/node/731710", "refsource": "CONFIRM", "url": "https://www.drupal.org/node/731710"}, {"name": "MLIST: [oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:32:16.771Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-2472"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.drupal.org/node/731710"}, {"name": "MLIST: [oss-security] 20100628 Re: CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2472", "datePublished": "2019-11-07T18:05:33", "dateReserved": "2010-06-28T00:00:00", "dateUpdated": "2024-08-07T02:32:16.771Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "7413FA32-8467-4761-995D-30CFF53D79F7", "versionEndExcluding": "5.22", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "8434D4F5-1B6D-47EE-923E-7A1873827D5B", "versionEndExcluding": "6.16", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."}, {"lang": "es", "value": "El m\u00f3dulo local y los m\u00f3dulos contribuidos dependientes en Drupal versiones 6.x anteriores a 6.16 y versiones 5.x anteriores a 5.22, no sanean apropiadamente la visualizaci\u00f3n de c\u00f3digos de Idioma, nombres nativos y de idioma Ingl\u00e9s, lo que podr\u00eda permitir a un atacante llevar a cabo un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad es mitigada por el hecho de que un atacante necesita tener un rol con el permiso de \"administer languages\"."}], "id": "CVE-2010-2472", "lastModified": "2024-11-21T01:16:44.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-07T19:15:12.893", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-2472"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.drupal.org/node/731710"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2010-2472"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.drupal.org/node/731710"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2010/06/28/8"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}