Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Category Tokens Project | Category Tokens | 6.x-1.0 |
| Drupal | Drupal | All versions |
Related Weaknesses (CWE)
References
- http://drupal.org/node/968176PatchVendor Advisory
- http://osvdb.org/69145
- http://secunia.com/advisories/42168
- http://www.securityfocus.com/bid/44780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63203
- http://drupal.org/node/968176PatchVendor Advisory
- http://osvdb.org/69145
- http://secunia.com/advisories/42168
- http://www.securityfocus.com/bid/44780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/63203
FAQ
What is CVE-2010-4813?
CVE-2010-4813 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web scri...
How severe is CVE-2010-4813?
CVE-2010-4813 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4813?
Check the references section above for vendor advisories and patch information. Affected products include: Category Tokens Project Category Tokens, Drupal Drupal.