CVE-2010-1303

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
jim_berrytaxonomy_filter
6.x-1.0:x
jim_berrytaxonomy_filter
6.x-1.x-dev:x
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal6
karmic
not-affected
jaunty
not-affected
intrepid
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://drupal.org/node/622096
http://drupal.org/node/758756
http://secunia.com/advisories/39220
http://www.osvdb.org/63425
https://exchange.xforce.ibmcloud.com/vulnerabilities/57445
http://drupal.org/node/622096
http://drupal.org/node/758756
http://secunia.com/advisories/39220
http://www.osvdb.org/63425
https://exchange.xforce.ibmcloud.com/vulnerabilities/57445