CVE-2009-2079
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz de la pagina administrativa en el gestor Taxonomy v5.x anteriores a v5.x-1.2 y v6.x anteriores a v6.x-1.1, un modulo de Drupal, permite a usuarios autenticados, con privilegios de administrador en Taxonomy o con la posibilidad de etiquetado libre para añadir términos taxonómicos, inyectar secuencias de comandos web o HTML a través de (1) nombres de vocabulario, (2) sinónimos y (3) nombres de temporada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-06-16 CVE Reserved
- 2009-06-16 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/35286 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | 2024-09-17 |
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/487602 | 2024-02-14 | |
| http://drupal.org/node/487620 | 2024-02-14 | |
| http://drupal.org/node/487818 | 2024-02-14 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/35391 | 2024-02-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Drupal Search vendor "Drupal" | Taxonomy Manager Search vendor "Drupal" for product "Taxonomy Manager" | 5.x-1.0 Search vendor "Drupal" for product "Taxonomy Manager" and version "5.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Drupal Search vendor "Drupal" | Taxonomy Manager Search vendor "Drupal" for product "Taxonomy Manager" | 5.x-1.1 Search vendor "Drupal" for product "Taxonomy Manager" and version "5.x-1.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Drupal Search vendor "Drupal" | Taxonomy Manager Search vendor "Drupal" for product "Taxonomy Manager" | 6.x-1.0 Search vendor "Drupal" for product "Taxonomy Manager" and version "6.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Drupal Search vendor "Drupal" | Taxonomy Manager Search vendor "Drupal" for product "Taxonomy Manager" | 6.x-1.0-beta1 Search vendor "Drupal" for product "Taxonomy Manager" and version "6.x-1.0-beta1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|
| Drupal Search vendor "Drupal" | Taxonomy Manager Search vendor "Drupal" for product "Taxonomy Manager" | 6.x-1.0-beta2 Search vendor "Drupal" for product "Taxonomy Manager" and version "6.x-1.0-beta2" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | * | - |
Safe
|