CVE-2009-2083

Taxonomy manager <5.x-1.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

References (5)

[Patch, Vendor Advisory] http://drupal.org/node/487620

[Patch, Vendor Advisory] http://drupal.org/node/487818

[Exploit, URL Repurposed] http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability

[Vendor Advisory] http://secunia.com/advisories/35391

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35286

Scores

EPSS 0.0021

EPSS Percentile 42.8%

Classification

CWE

CWE-79

Status published

Affected Products (4)

mattias_hutterer/taxonomy_manager

mattias_hutterer/taxonomy_manager

mattias_hutterer/taxonomy_manager

n/a/n/a

Timeline

Published Jun 16, 2009

Tracked Since Feb 18, 2026