Lucene search

[email protected]CVE-2010-1303

HistoryApr 08, 2010 - 4:30 p.m.

CVE-2010-1303

2010-04-0816:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2010

1303

xss

vulnerabilities

drupal

taxonomy filter

module

nvd

security

remote

authenticated

injection

web script

html

vocabulary

terms

filter menus

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.

Affected configurations

NVD

Node

jim_berrytaxonomy_filterMatch6.x-1.0

jim_berrytaxonomy_filterMatch6.x-1.x-dev

AND

drupaldrupal

CPENameOperatorVersion
jim_berry:taxonomy_filterjim berry taxonomy filtereq6.x-1.0
jim_berry:taxonomy_filterjim berry taxonomy filtereq6.x-1.x-dev

CPE	Name	Operator	Version
jim_berry:taxonomy_filter	jim berry taxonomy filter	eq	6.x-1.0
jim_berry:taxonomy_filter	jim berry taxonomy filter	eq	6.x-1.x-dev

References

drupal.org/node/622096

drupal.org/node/758756

secunia.com/advisories/39220

www.osvdb.org/63425

exchange.xforce.ibmcloud.com/vulnerabilities/57445

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

Related for CVE-2010-1303

prion1 ubuntucve1 nvd1 cvelist1 openvas4 fedora2