2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.9%
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable.
drupal.org/files/sa-2006-008/4.6.7.patch
drupal.org/node/66767
secunia.com/advisories/20412
secunia.com/advisories/21244
securityreason.com/securityalert/1041
www.debian.org/security/2006/dsa-1125
www.securityfocus.com/archive/1/435793/100/0/threaded
www.securityfocus.com/bid/18245
www.vupen.com/english/advisories/2006/2112
exchange.xforce.ibmcloud.com/vulnerabilities/26893