CVE-2009-2079

Taxonomy manager 5.x < 5.x-1.2 and 6.x < 6.x-1.1 - Cross-Site Scripting

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

References (6)

Core 6

Core References

Patch x_refsource_confirm

http://drupal.org/node/487602

Exploit, URL Repurposed x_refsource_misc

http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability

Patch x_refsource_confirm

http://drupal.org/node/487620

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35391

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35286

Patch, Vendor Advisory x_refsource_confirm

http://drupal.org/node/487818

Scores

EPSS 0.0026

EPSS Percentile 49.6%

Details

CWE

CWE-79

Status published

Products (5)

drupal/taxonomy_manager 5.x-1.0

drupal/taxonomy_manager 5.x-1.1

drupal/taxonomy_manager 6.x-1.0

drupal/taxonomy_manager 6.x-1.0-beta1

drupal/taxonomy_manager 6.x-1.0-beta2

Published Jun 16, 2009

Tracked Since Feb 18, 2026