CVE-2010-4813

Drupal 6.x - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

References (5)

[Patch, Vendor Advisory] http://drupal.org/node/968176

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/44780

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/63203

[Third Party Advisory, VDB Entry] http://osvdb.org/69145

[Third Party Advisory] http://secunia.com/advisories/42168

Scores

EPSS 0.0016

EPSS Percentile 36.6%

Classification

CWE

CWE-79

Status published

Affected Products (2)

category_tokens_project/category_tokens

n/a/n/a

Timeline

Published Jul 08, 2011

Tracked Since Feb 18, 2026