First published: Tue Jun 16 2009(Updated: )
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Drupal Drupal | ||
Mattias Hutterer Taxonomy Manager | =5.x-1.0 | |
Mattias Hutterer Taxonomy Manager | =5.x-1.1 | |
Mattias Hutterer Taxonomy Manager | =5.x-1.x-dev | |
All of | ||
Drupal Drupal | ||
Any of | ||
Mattias Hutterer Taxonomy Manager | =5.x-1.0 | |
Mattias Hutterer Taxonomy Manager | =5.x-1.1 | |
Mattias Hutterer Taxonomy Manager | =5.x-1.x-dev |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.