CVE-2010-1303

Drupal Taxonomy Filter 6.x-1.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.

References (5)

[Patch] http://drupal.org/node/622096

[Patch, Vendor Advisory] http://drupal.org/node/758756

[Vendor Advisory] http://secunia.com/advisories/39220

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/57445

[Third Party Advisory, VDB Entry] http://www.osvdb.org/63425

Scores

EPSS 0.0016

EPSS Percentile 37.3%

Classification

CWE

CWE-79

Status published

Affected Products (3)

jim_berry/taxonomy_filter

jim_berry/taxonomy_filter

n/a/n/a

Timeline

Published Apr 08, 2010

Tracked Since Feb 18, 2026