CVE-2010-2030

UNRATEDCross-site scripting

Description

Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages.

Affected products

alan_palazzolo / external_link_page5.x-0.8 – 5.x-0.8
alan_palazzolo / external_link_page6.x-1.0 – 6.x-1.0
alan_palazzolo / external_link_page6.x-1.1 – 6.x-1.1

References

VENDOR_ADVISORYhttp://secunia.com/advisories/39888
MISChttp://drupal.org/node/803766
MISChttp://osvdb.org/64762
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/58714