{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T16:39:00.074","vulnerabilities":[{"cve":{"id":"CVE-2010-2472","sourceIdentifier":"secalert@redhat.com","published":"2019-11-07T19:15:12.893","lastModified":"2026-06-16T23:20:49.280","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission."},{"lang":"es","value":"El módulo local y los módulos contribuidos dependientes en Drupal versiones 6.x anteriores a 6.16 y versiones 5.x anteriores a 5.22, no sanean apropiadamente la visualización de códigos de Idioma, nombres nativos y de idioma Inglés, lo que podría permitir a un atacante llevar a cabo un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad es mitigada por el hecho de que un atacante necesita tener un rol con el permiso de \"administer languages\"."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"drupal6","product":"drupal6","versions":[{"version":"6.x before version 6.16","status":"affected"},{"version":"5.x before version 5.22","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.22","matchCriteriaId":"7413FA32-8467-4761-995D-30CFF53D79F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.16","matchCriteriaId":"8434D4F5-1B6D-47EE-923E-7A1873827D5B"}]}]}],"references":[{"url":"https://security-tracker.debian.org/tracker/CVE-2010-2472","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.drupal.org/node/731710","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2010/06/28/8","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security-tracker.debian.org/tracker/CVE-2010-2472","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.drupal.org/node/731710","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2010/06/28/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}