CVE-2010-1108
https://notcve.org/view.php?id=CVE-2010-1108
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Control Panel v5.x hasta v5.x-1.5 y v6.x hasta v6.x-1.2 para Drupal permite a usuarios autenticados remotamente, con privilegios para administrar bloques, inyectar código web o HTML de su elección a través de vectores sin especificar. • http://drupal.org/node/686428 http://drupal.org/node/690718 http://secunia.com/advisories/38280 http://www.securityfocus.com/bid/37890 https://exchange.xforce.ibmcloud.com/vulnerabilities/55769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •