Search criteria
6 vulnerabilities found for taxonomy_manager by mattias_hutterer
FKIE_CVE-2013-0320
Vulnerability from fkie_nvd - Published: 2013-03-27 21:55 - Updated: 2025-04-11 00:51
Severity: MEDIUM — CVSS v2.0 base score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Summary
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | Update |
|---|---|---|---|
| mattias_hutterer | taxonomy_manager | 6.x-2.0 | |
| mattias_hutterer | taxonomy_manager | 6.x-2.1 | |
| mattias_hutterer | taxonomy_manager | 6.x-2.x | dev |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | alpha1 |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | alpha2 |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | alpha3 |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | alpha4 |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | beta1 |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | beta2 |
| mattias_hutterer | taxonomy_manager | 7.x-1.0 | beta3 |
| mattias_hutterer | taxonomy_manager | 7.x-1.x | dev |
| drupal | drupal | - | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D5027DAF-DD90-4400-B5A4-91B998D6D8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98755200-BC97-4566-98EB-C1EADE919B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "C7A477A6-7EA1-46FA-9627-71DBD6D05AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "140CCFCC-A762-4F19-836C-50F5BBE5EFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "8300611E-3D0E-492D-9F7C-8DCF9E1431F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "03C3497D-1A8A-4189-8431-233139F12101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "3E43CF66-4DA9-4029-9757-6B7268389E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "86C4FB7C-A11D-432E-82F1-97238C616942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DD50389C-1590-44B9-AFEB-9CB3C799EA8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "819988EE-E208-4F32-8772-F4218450A36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "843235A4-FE0F-44A2-90B9-63D22292C6D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el Administrador de Taxonom\u00eda (taxonomy_manager) m\u00f3dulo v6.x-2.x antes v6.x-2.2 y v7.x-1.x antes v7.x-1.0-rc1 para Drupal permite a atacantes remotos secuestrar a la autenticaci\u00f3n de usuarios con el permiso \u0027administer taxonomy\u0027 a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-0320",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-27T21:55:02.263",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922168"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922170"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1922410"
},
{
"source": "secalert@redhat.com",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"source": "secalert@redhat.com",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1922170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1922410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2083
Vulnerability from fkie_nvd - Published: 2009-06-16 21:00 - Updated: 2025-04-09 00:30
Severity: LOW — CVSS v2.0 base score 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://drupal.org/node/487620 | Patch, Vendor Advisory | |
| cve@mitre.org | http://drupal.org/node/487818 | Patch, Vendor Advisory | |
| cve@mitre.org | http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | Exploit, URL Repurposed | |
| cve@mitre.org | http://secunia.com/advisories/35391 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/35286 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/487620 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://drupal.org/node/487818 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35391 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/35286 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| drupal | drupal | * | |
| mattias_hutterer | taxonomy_manager | 5.x-1.0 | |
| mattias_hutterer | taxonomy_manager | 5.x-1.1 | |
| mattias_hutterer | taxonomy_manager | 5.x-1.x-dev |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68E26226-B9E5-48F0-9A8E-E0C24E6F0906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD2BF2A-AC98-4F58-87D3-4F8CB7D8A7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.x-dev:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C94DBE-CF9C-4D97-9422-EE85A50A19B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la pagina de detalle de datos de un periodo en el administrador Taxonomy v5.x anteriores a v5.x-1.2, un modulo de Drupal, permite a usuarios autenticados, con privilegios de administrador de taxonom\u00edas o la capacidad para utilizar los t\u00e9rminos de \"etiquetado libre\" y \"a\u00f1adir taxonom\u00eda\", inyectar secuencias de comandos web o HTML a trav\u00e9s de \"t\u00e9rminos padre y relacionados\"."
}
],
"id": "CVE-2009-2083",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-16T21:00:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487620"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487818"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35391"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35286"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/487818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35286"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-0320 (GCVE-0-2013-0320)
Vulnerability from cvelistv5 – Published: 2013-03-27 21:00 – Updated: 2024-09-16 19:37
Summary
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
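| URL | Tags |
|---|---|
| http://drupal.org/node/1922170 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/02/21/5 | mailing-list, x_refsource_MLIST |
| http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801 | x_refsource_CONFIRM |
| http://drupal.org/node/1922168 | x_refsource_CONFIRM |
| http://drupal.org/node/1922410 | x_refsource_MISC |
| http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3 | x_refsource_CONFIRM |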
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1922410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-27T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1922410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1922170",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"name": "http://drupal.org/node/1922168",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922168"
},
{
"name": "http://drupal.org/node/1922410",
"refsource": "MISC",
"url": "http://drupal.org/node/1922410"
},
{
"name": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0320",
"datePublished": "2013-03-27T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:37:07.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2083 (GCVE-0-2009-2083)
Vulnerability from cvelistv5 – Published: 2009-06-16 20:26 – Updated: 2024-09-16 19:56
Summary
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
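| URL | Tags |
|---|---|
| http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | x_refsource_MISC |
| http://drupal.org/node/487620 | x_refsource_CONFIRM |
| http://secunia.com/advisories/35391 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/35286 | vdb-entry, x_refsource_BID |
| http://drupal.org/node/487818 | x_refsource_CONFIRM |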
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/487818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-16T20:26:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/487818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability",
"refsource": "MISC",
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"name": "http://drupal.org/node/487620",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35286"
},
{
"name": "http://drupal.org/node/487818",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2083",
"datePublished": "2009-06-16T20:26:00Z",
"dateReserved": "2009-06-16T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:30.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0320 (GCVE-0-2013-0320)
Vulnerability from nvd – Published: 2013-03-27 21:00 – Updated: 2024-09-16 19:37
Summary
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
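| URL | Tags |
|---|---|
| http://drupal.org/node/1922170 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2013/02/21/5 | mailing-list, x_refsource_MLIST |
| http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801 | x_refsource_CONFIRM |
| http://drupal.org/node/1922168 | x_refsource_CONFIRM |
| http://drupal.org/node/1922410 | x_refsource_MISC |
| http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3 | x_refsource_CONFIRM |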
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1922168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1922410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-27T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1922168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1922410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with \u0027administer taxonomy\u0027 permissions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1922170",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922170"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801"
},
{
"name": "http://drupal.org/node/1922168",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922168"
},
{
"name": "http://drupal.org/node/1922410",
"refsource": "MISC",
"url": "http://drupal.org/node/1922410"
},
{
"name": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0320",
"datePublished": "2013-03-27T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:37:07.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2083 (GCVE-0-2009-2083)
Vulnerability from nvd – Published: 2009-06-16 20:26 – Updated: 2024-09-16 19:56
Summary
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
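| URL | Tags |
|---|---|
| http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | x_refsource_MISC |
| http://drupal.org/node/487620 | x_refsource_CONFIRM |
| http://secunia.com/advisories/35391 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/35286 | vdb-entry, x_refsource_BID |
| http://drupal.org/node/487818 | x_refsource_CONFIRM |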
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:36:20.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35286"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/487818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-16T20:26:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35286"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/487818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via \"Parent and related terms.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability",
"refsource": "MISC",
"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability"
},
{
"name": "http://drupal.org/node/487620",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487620"
},
{
"name": "35391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35391"
},
{
"name": "35286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35286"
},
{
"name": "http://drupal.org/node/487818",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/487818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2083",
"datePublished": "2009-06-16T20:26:00Z",
"dateReserved": "2009-06-16T00:00:00Z",
"dateUpdated": "2024-09-16T19:56:30.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}