0.002 Low
EPSS
Percentile
56.5%
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
launchpad.net/bugs/cve/CVE-2010-2250
nvd.nist.gov/vuln/detail/CVE-2010-2250
security-tracker.debian.org/tracker/CVE-2010-2250
www.cve.org/CVERecord?id=CVE-2010-2250