ByteOS Network

NVD Vulnerability Details :

CVE-2009-2083

Analyzed

Source-cve@mitre.org

Published At-16 Jun, 2009 | 21:00

Updated At-14 Feb, 2024 | 01:17

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 3.5

Base severity: LOW

Vector:

AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

The Drupal Association

>>drupal>>*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

mattias_hutterer>>taxonomy_manager>>5.x-1.0

cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.0:*:*:*:*:*:*:*

mattias_hutterer>>taxonomy_manager>>5.x-1.1

cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.1:*:*:*:*:*:*:*

mattias_hutterer>>taxonomy_manager>>5.x-1.x-dev

cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.x-dev:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://drupal.org/node/487620	cve@mitre.org	Patch Vendor Advisory
http://drupal.org/node/487818	cve@mitre.org	Patch Vendor Advisory
http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability	cve@mitre.org	Exploit URL Repurposed
http://secunia.com/advisories/35391	cve@mitre.org	Vendor Advisory
http://www.securityfocus.com/bid/35286	cve@mitre.org	N/A