CVE-2010-1530

Drupal 6.x - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input.

References (5)

[Patch] http://drupal.org/node/764906

[Patch, Vendor Advisory] http://drupal.org/node/764998

[Third Party Advisory, VDB Entry] http://osvdb.org/63589

[Vendor Advisory] http://secunia.com/advisories/39361

[Patch] http://www.securityfocus.com/bid/39304

Scores

EPSS 0.0028

EPSS Percentile 51.2%

Classification

CWE

CWE-79

Status published

Affected Products (11)

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

reyero/i18n

n/a/n/a

Timeline

Published Apr 26, 2010

Tracked Since Feb 18, 2026