CVE-2010-4813

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:category_tokens_project:category_tokens:6.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-07-08 22:55

Updated : 2024-02-28 11:41


NVD link : CVE-2010-4813

Mitre link : CVE-2010-4813

CVE.ORG link : CVE-2010-4813


JSON object : View

Products Affected

category_tokens_project

  • category_tokens

drupal

  • drupal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')