Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-2079

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

Published

2009-06-16T19:30:00.313

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application drupal drupal * No
Application drupal taxonomy_manager 5.x-1.0 Yes
Application drupal taxonomy_manager 5.x-1.1 Yes
Application drupal taxonomy_manager 6.x-1.0 Yes
Application drupal taxonomy_manager 6.x-1.0-beta1 Yes
Application drupal taxonomy_manager 6.x-1.0-beta2 Yes
References