All the vulnerabilites related to mattias_hutterer - taxonomy_manager
Vulnerability from fkie_nvd
Published
2013-03-27 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mattias_hutterer | taxonomy_manager | 6.x-2.0 | |
| mattias_hutterer | taxonomy_manager | 6.x-2.1 | |
| mattias_hutterer | taxonomy_manager | 6.x-2.x | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 7.x-1.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5027DAF-DD90-4400-B5A4-91B998D6D8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98755200-BC97-4566-98EB-C1EADE919B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "C7A477A6-7EA1-46FA-9627-71DBD6D05AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "140CCFCC-A762-4F19-836C-50F5BBE5EFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8300611E-3D0E-492D-9F7C-8DCF9E1431F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "03C3497D-1A8A-4189-8431-233139F12101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "3E43CF66-4DA9-4029-9757-6B7268389E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "86C4FB7C-A11D-432E-82F1-97238C616942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DD50389C-1590-44B9-AFEB-9CB3C799EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "819988EE-E208-4F32-8772-F4218450A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "843235A4-FE0F-44A2-90B9-63D22292C6D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el Administrador de Taxonom\u00eda (taxonomy_manager) m\u00f3dulo v6.x-2.x antes v6.x-2.2 y v7.x-1.x antes v7.x-1.0-rc1 para Drupal permite a atacantes remotos secuestrar a la autenticaci\u00f3n de usuarios con el permiso \u0027administer taxonomy\u0027 a ??trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-0320",
"lastModified": "2024-11-21T01:47:18.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-27T21:55:02.263",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922170"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1922410"
},
{
"source": "secalert@redhat.com",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"source": "secalert@redhat.com",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1922410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-16 21:00
Modified
2024-11-21 01:04
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://drupal.org/node/487620 | Patch, Vendor Advisory | |
| cve@mitre.org | http://drupal.org/node/487818 | Patch, Vendor Advisory | |
| cve@mitre.org | http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | Exploit, URL Repurposed | |
| cve@mitre.org | http://secunia.com/advisories/35391 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/35286 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/487620 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/487818 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35391 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35286 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | drupal | * | |
| mattias_hutterer | taxonomy_manager | 5.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 5.x-1.1 | |
| mattias_hutterer | taxonomy_manager | 5.x-1.x-dev |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68E26226-B9E5-48F0-9A8E-E0C24E6F0906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2BF2A-AC98-4F58-87D3-4F8CB7D8A7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C94DBE-CF9C-4D97-9422-EE85A50A19B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la pagina de detalle de datos de un periodo en el administrador Taxonomy v5.x anteriores a v5.x-1.2, un modulo de Drupal, permite a usuarios autenticados, con privilegios de administrador de taxonom\u00edas o la capacidad para utilizar los t\u00e9rminos de \"etiquetado libre\" y \"a\u00f1adir taxonom\u00eda\", inyectar secuencias de comandos web o HTML a trav\u00e9s de \"t\u00e9rminos padre y relacionados\"."
}
],
"id": "CVE-2009-2083",
"lastModified": "2024-11-21T01:04:05.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-16T21:00:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487818"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35391"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35286"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2009-2083
Vulnerability from cvelistv5
Published
2009-06-16 20:26
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
References
| ▼ | URL | Tags |
|---|---|---|
| http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | x_refsource_MISC | |
| http://drupal.org/node/487620 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/35391 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/35286 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/487818 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/487818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-16T20:26:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/487818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability",
"refsource": "MISC",
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"name": "http://drupal.org/node/487620",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35286"
},
{
"name": "http://drupal.org/node/487818",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2083",
"datePublished": "2009-06-16T20:26:00Z",
"dateReserved": "2009-06-16T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:30.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0320
Vulnerability from cvelistv5
Published
2013-03-27 21:00
Modified
2024-09-16 19:37
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/1922170 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2013/02/21/5 | mailing-list, x_refsource_MLIST | |
| http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801 | x_refsource_CONFIRM | |
| http://drupal.org/node/1922168 | x_refsource_CONFIRM | |
| http://drupal.org/node/1922410 | x_refsource_MISC | |
| http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1922410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-27T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1922410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1922170",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"name": "http://drupal.org/node/1922168",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922168"
},
{
"name": "http://drupal.org/node/1922410",
"refsource": "MISC",
"url": "http://drupal.org/node/1922410"
},
{
"name": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0320",
"datePublished": "2013-03-27T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:37:07.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}