2 matches found
CVE-2010-1108
Cross-site scripting XSS vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-1108
The CVE-2010-1108 issue affects the Drupal Control Panel module in versions 5.x up to 5.x-1.5 and 6.x up to 6.x-1.2, where an XSS vulnerability exists. The root cause is a cross-site scripting flaw that can be exploited by remote authenticated users who possess the "administer blocks" privilege t...