Lucene search

[email protected]CVE-2008-7150

HistorySep 01, 2009 - 4:30 p.m.

CVE-2008-7150

2009-09-0116:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-7150

cross-site scripting

xss

refine by taxonomy

drupal

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.

Affected configurations

NVD

Node

drupaldrupal

AND

ber_kesselsrefine_by_taxoMatch5.x-1.x-dev

CPENameOperatorVersion
ber_kessels:refine_by_taxober kessels refine by taxoeq5.x-1.x-dev

CPE	Name	Operator	Version
ber_kessels:refine_by_taxo	ber kessels refine by taxo	eq	5.x-1.x-dev

References

drupal.org/node/230460

drupal.org/node/230470

exchange.xforce.ibmcloud.com/vulnerabilities/41035

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2008-7150

cvelist1 prion1 nvd1