CVSS2: 5.1 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.002 Low
Percentile: 60.3%
The Taxonomy Manager provides an advanced interface for administrating taxonomy vocabularies.
The module doesn’t sufficiently verify POST requests, thereby exposing a Cross-Site Request Forgery (CSRF) vulnerability.
This vulnerability is mitigated by the fact that an attacker must lure a user with the ‘administer taxonomy’ permission to a prepared page that submits a site-specific malicious HTML form.
Drupal core is not affected. If you do not use the contributed Taxonomy Manager module, there is nothing you need to do.
Install the latest version:
Also see the Taxonomy Manager project page.
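The kind of POST verification the advisory says is missing, as an added example that is not the Taxonomy Manager module's or Drupal's own code: a standalone PHP handler that checks the ‘administer taxonomy’ permission and then a session-bound form token. The function names, session layout, form field name and token scheme are assumptions made for illustration.

```php
<?php
// Added illustration: standalone PHP, not Taxonomy Manager or Drupal code.
// csrf_token(), csrf_valid(), handle_term_delete() and the session layout are hypothetical.

/** Derive a token bound to one session and one form, keyed by a server-side secret. */
function csrf_token(string $secret, string $session_id, string $form_id): string {
    return hash_hmac('sha256', $session_id . ':' . $form_id, $secret);
}

/** Constant-time comparison of the submitted token with the expected one. */
function csrf_valid(string $secret, string $session_id, string $form_id, $submitted): bool {
    return is_string($submitted)
        && hash_equals(csrf_token($secret, $session_id, $form_id), $submitted);
}

/**
 * State-changing handler. The permission check alone cannot tell a cross-site
 * request from a genuine one, because the browser attaches the administrator's
 * session cookie to both. Only the token check separates them.
 */
function handle_term_delete(array $session, string $method, array $post, string $secret): string {
    if ($method !== 'POST') {
        return '405 method not allowed';
    }
    if (!in_array('administer taxonomy', $session['permissions'], true)) {
        return '403 permission denied';
    }
    if (!csrf_valid($secret, $session['id'], 'term_delete', $post['form_token'] ?? null)) {
        return '403 invalid form token';
    }
    return '200 term ' . (int) ($post['tid'] ?? 0) . ' deleted';
}

// Constructed sample data.
$secret  = random_bytes(32);
$session = ['id' => bin2hex(random_bytes(16)), 'permissions' => ['administer taxonomy']];

// Genuine submission: the site rendered the form with the token embedded.
$genuine = ['tid' => '42', 'form_token' => csrf_token($secret, $session['id'], 'term_delete')];
// Cross-site submission: same cookie-backed session, but no token the other origin could read.
$cross_site = ['tid' => '42'];

echo handle_term_delete($session, 'POST', $genuine, $secret), PHP_EOL;
echo handle_term_delete($session, 'POST', $cross_site, $secret), PHP_EOL;
```

Both requests pass the permission check; only the one carrying the session-bound token reaches the delete step.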