CVE-2010-4813

Sažetak

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

Reference

http://drupal.org/node/968176
http://osvdb.org/69145
http://secunia.com/advisories/42168
http://www.securityfocus.com/bid/44780
https://exchange.xforce.ibmcloud.com/vulnerabilities/63203

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:29

Objavljeno

08-07-2011 - 22:55