Cross site scripting

2010-07-1318:30:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.9%

JSON

Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.

CPENameOperatorVersion
hierarchical_selecteq5.120.10
hierarchical_selecteq5.120.11
hierarchical_selecteq5.120.12
hierarchical_selecteq5.120.13
hierarchical_selecteq5.120.14
hierarchical_selecteq5.x-1.x dev
hierarchical_selecteq5.x-2.0 beta2
hierarchical_selecteq5.120.20
hierarchical_selecteq5.x-2.0 beta1
hierarchical_selecteq5.x-2.0 rc1

Name	Operator	Version
hierarchical_select	eq	5.120.10
hierarchical_select	eq	5.120.11
hierarchical_select	eq	5.120.12
hierarchical_select	eq	5.120.13
hierarchical_select	eq	5.120.14
hierarchical_select	eq	5.x-1.x dev
hierarchical_select	eq	5.x-2.0 beta2
hierarchical_select	eq	5.120.20
hierarchical_select	eq	5.x-2.0 beta1
hierarchical_select	eq	5.x-2.0 rc1

Rows per page:

1-10 of 311

References

osvdb.org/66117

secunia.com/advisories/40440

www.securityfocus.com/bid/41450

drupal.org/node/847488

exchange.xforce.ibmcloud.com/vulnerabilities/60158