CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-0320
https://notcve.org/view.php?id=CVE-2013-0320
27 Mar 2013 — Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el Administrador de Taxonomía (taxonomy_manager) módulo v6.x-2.x antes v6.x-2.2 y v7.x-1.x antes v7.x-1.0-rc1 para Drupal permite a atacantes remotos ... • http://drupal.org/node/1922168 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 1CVE-2009-2079
https://notcve.org/view.php?id=CVE-2009-2079
16 Jun 2009 — Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz de la pagina administrativa en el gestor ... • http://drupal.org/node/487602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •