FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-4521

This CVE name corresponds to:

Entered Topic
2010-12-28 Drupal Views plugin -- cross-site scripting

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2010-4521 at cve.mitre.org

Details

Type Candidate
Name CVE-2010-4521
Phase Assigned(20101209)

Description

Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path.

References

Source Reference
MLIST [oss-security] 20101216 CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12
MLIST [oss-security] 20101221 Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12
CONFIRM http://drupal.org/node/999380
FEDORA FEDORA-2010-18927
FEDORA FEDORA-2010-19009
VUPEN ADV-2011-0011

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.