Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jim Berry | Taxonomy Filter | 6.x-1.0 |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/622096Patch
- http://drupal.org/node/758756PatchVendor Advisory
- http://secunia.com/advisories/39220Vendor Advisory
- http://www.osvdb.org/63425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57445
- http://drupal.org/node/622096Patch
- http://drupal.org/node/758756PatchVendor Advisory
- http://secunia.com/advisories/39220Vendor Advisory
- http://www.osvdb.org/63425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57445
FAQ
What is CVE-2010-1303?
CVE-2010-1303 is a vulnerability with a CVSS score of 2.1 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node pe...
How severe is CVE-2010-1303?
CVE-2010-1303 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1303?
Check the references section above for vendor advisories and patch information. Affected products include: Jim Berry Taxonomy Filter, Drupal Drupal.