Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
References
Link | Resource |
---|---|
http://drupal.org/node/622096 | Patch |
http://drupal.org/node/758756 | Patch Vendor Advisory |
http://secunia.com/advisories/39220 | Vendor Advisory |
http://www.osvdb.org/63425 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57445 | |
http://drupal.org/node/622096 | Patch |
http://drupal.org/node/758756 | Patch Vendor Advisory |
http://secunia.com/advisories/39220 | Vendor Advisory |
http://www.osvdb.org/63425 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57445 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://drupal.org/node/622096 - Patch | |
References | () http://drupal.org/node/758756 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/39220 - Vendor Advisory | |
References | () http://www.osvdb.org/63425 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/57445 - |
Information
Published : 2010-04-08 16:30
Updated : 2024-11-21 01:14
NVD link : CVE-2010-1303
Mitre link : CVE-2010-1303
CVE.ORG link : CVE-2010-1303
JSON object : View
Products Affected
jim_berry
- taxonomy_filter
drupal
- drupal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')