6.2 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.7%
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
www.openwall.com/lists/oss-security/2014/02/12/8
security-tracker.debian.org/tracker/CVE-2010-2250
www.drupal.org/node/731710
www.openwall.com/lists/oss-security/2010/06/28/8