CVE-2010-1303

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.

Reference

http://drupal.org/node/622096
http://drupal.org/node/758756
http://secunia.com/advisories/39220
http://www.osvdb.org/63425
https://exchange.xforce.ibmcloud.com/vulnerabilities/57445

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

08-04-2010 - 16:30