Vulnerabilities in drupal6
3 resultsCVE-2010-2250—Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL anEPSS 1.0%CVE-2010-2473—Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session thEPSS 1.0%CVE-2010-2472—Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of languagEPSS 0.8%