10 matches found
SUSE CVE-2009-2079
Cross-site scripting XSS vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to injec...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the 1 Menu Title 2 Link Title, 3 Path...
CVE-2012-5553
Multiple cross-site scripting XSS vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the 1 Menu Title 2 Link Title, 3 Path...
SA-CONTRIB-2012-140 - Inf08 - Cross Site Scripting (XSS)
Inf08 is a valid XHTML 1.0 Strict / CSS 2.1 theme ported from the free CSS template. The theme contains an arbitrary script injection vulnerability XSS due to the fact that it fails to sanitize user supplied taxonomy vocabulary names before display. This vulnerability is mitigated by the fact tha...
CVE-2010-1303
Multiple cross-site scripting XSS vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary 1...
Cross site scripting
Cross-site scripting XSS vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
CVE-2009-2074
Cross-site scripting XSS vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
PT-2009-4532 · Drupal · Drupal Taxonomy Manager
Name of the Vulnerable Software and Affected Versions: Drupal Taxonomy manager versions 5.x before 5.x-1.2 Drupal Taxonomy manager versions 6.x before 6.x-1.1 Description: A cross-site scripting XSS issue exists in the administrative page interface of the Taxonomy manager module for Drupal. This...
PT-2009-4527 · Drupal · Nodequeue
Name of the Vulnerable Software and Affected Versions: Nodequeue versions 5.x before 5.x-2.7 Nodequeue versions 6.x before 6.x-2.2 Description: A cross-site scripting XSS issue allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via...
CVE-2007-5621
Multiple cross-site scripting XSS vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a...