CVE-2010-1108

Name of the Vulnerable Software and Affected Versions Drupal versions 5.x through 5.x-1.5 Drupal versions 6.x through 6.x-1.2

Description A cross-site scripting (XSS) issue exists in the Control Panel module for Drupal, allowing remote authenticated users with "administer blocks" privileges to inject arbitrary web script or HTML.

Recommendations For versions 5.x through 5.x-1.5, update to a version later than 5.x-1.5 to resolve the issue. For versions 6.x through 6.x-1.2, update to a version later than 6.x-1.2 to resolve the issue.