Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-05T02:00:00
Updated: 2024-08-07T04:48:52.468Z
Reserved: 2009-03-04T00:00:00
Link: CVE-2009-0818
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-03-05T02:30:00.627
Modified: 2024-11-21T01:00:58.913
Link: CVE-2009-0818
Redhat
No data.