CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-0320
https://notcve.org/view.php?id=CVE-2013-0320
27 Mar 2013 — Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el Administrador de Taxonomía (taxonomy_manager) módulo v6.x-2.x antes v6.x-2.2 y v7.x-1.x antes v7.x-1.0-rc1 para Drupal permite a atacantes remotos ... • http://drupal.org/node/1922168 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1CVE-2009-2083
https://notcve.org/view.php?id=CVE-2009-2083
16 Jun 2009 — Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la pagina de detalle de datos de un periodo en el administrador Taxonomy v5.x anteriores a v5.x-1.2, un modulo d... • http://drupal.org/node/487620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •