CVE-2008-3500

CVE-2008-3500 is an XSS vulnerability in the Drupal Suggested Terms module 5.x up to before 5.x-1.2. The flaw lets remote authenticated users inject arbitrary web script or HTML by crafting Taxonomy terms. Documented impact is cross-site scripting; no exploit details or in-the-wild status are pro...

SA-2008-039 - Suggested terms - Cross site scripting

This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...