CVE-2010-4813

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
category_tokens_projectcategory_tokens
6.x-1.0:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/968176
http://osvdb.org/69145
http://secunia.com/advisories/42168
http://www.securityfocus.com/bid/44780
https://exchange.xforce.ibmcloud.com/vulnerabilities/63203
http://drupal.org/node/968176
http://osvdb.org/69145
http://secunia.com/advisories/42168
http://www.securityfocus.com/bid/44780
https://exchange.xforce.ibmcloud.com/vulnerabilities/63203