CVE-2010-1536

Drupal <5.x-2.2, <6.x-2.9 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.

References (5)

Scores

EPSS 0.0028
EPSS Percentile 51.2%

Classification

CWE
CWE-79
Status published

Affected Products (30)

mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
mearra/addthis
... and 15 more

Timeline

Published Apr 26, 2010
Tracked Since Feb 18, 2026