2 matches found
CVE-2010-4813
Cross-site scripting XSS vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help...
CVE-2010-4813
The CVE-2010-4813 issue affects the Drupal Category Tokens module (Drupal 6.x) prior to version 6.x-1.1. The vulnerability arises in how vocabulary names are processed in token help, allowing XSS. Exploitation requires remote authentication with taxonomy administration permissions, enabling an at...