3 matches found
CVE-2012-2711
Multiple cross-site scripting XSS vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information...
CVE-2012-2711
The CVE-2012-2711 issue concerns Drupal’s Taxonomy List module (6.x-1.x) with cross-site scripting (XSS) vulnerabilities. The vulnerability arises because the module does not sufficiently sanitize user-supplied text in taxonomy information, enabling remote authenticated users who have create or e...
SA-CONTRIB-2012-083 - Taxonomy List - Cross Site Scripting (XSS)
CVE: CVE-2012-2711 This module enables you to display the terms and optionally nodes under categories. The module doesn't sufficiently sanitize user supplied text in the taxonomy information. This vulnerability is mitigated by the fact that an attacker must have a role with permissions to create ...