6 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms...
CVE-2008-3500
CVE-2008-3500 is an XSS vulnerability in the Drupal Suggested Terms module 5.x before 5.x-1.2. The flaw lets remote authenticated users inject arbitrary web script or HTML by crafting Taxonomy terms. Documented impact is cross-site scripting; no exploit details or in-the-wild status are pro...
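Drupal Suggested Terms Module Multiple HTML Injection Vulnerabilities
BUGTRAQ ID: 29953 Drupal is an open-source content management platform. Drupal's suggested terms module provides free-tagging taxonomy fields based on terms that users have already submitted. The module displays taxonomy terms in a clickable list without properly filtering them, so users who are able to create new term entries can inject arbitrary HTML and script code into certain edit pages; the code then executes in the browser session when a user views the suggested taxonomy terms. Drupal Suggested Terms 5.x-1.1 Drupal ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.drupal.org/...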
SA-2008-039 - Suggested terms - Cross site scripting
This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...