CVE-2010-2472

{"id": "CVE-2010-2472", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2019-11-07T19:15:12.893", "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2010-2472", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.drupal.org/node/731710", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.openwall.com/lists/oss-security/2010/06/28/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2010-2472", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.drupal.org/node/731710", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2010/06/28/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."}, {"lang": "es", "value": "El m\u00f3dulo local y los m\u00f3dulos contribuidos dependientes en Drupal versiones 6.x anteriores a 6.16 y versiones 5.x anteriores a 5.22, no sanean apropiadamente la visualizaci\u00f3n de c\u00f3digos de Idioma, nombres nativos y de idioma Ingl\u00e9s, lo que podr\u00eda permitir a un atacante llevar a cabo un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad es mitigada por el hecho de que un atacante necesita tener un rol con el permiso de \"administer languages\"."}], "lastModified": "2024-11-21T01:16:44.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7413FA32-8467-4761-995D-30CFF53D79F7", "versionEndExcluding": "5.22", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8434D4F5-1B6D-47EE-923E-7A1873827D5B", "versionEndExcluding": "6.16", "versionStartIncluding": "6.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}