CVE-2009-2083
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
SSVC
- Decision:-
Timeline
- 2009-06-16 CVE Reserved
- 2009-06-16 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (5)
URL | Tag | Date |
---|---|---|
http://www.securityfocus.com/bid/35286 | Vdb Entry | |
http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability | | 2024-09-16 |
http://drupal.org/node/487620 | | 2024-02-14 |
http://drupal.org/node/487818 | | 2024-02-14 |
http://secunia.com/advisories/35391 | | 2024-02-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Mattias Hutterer | Taxonomy Manager | 5.x-1.0 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Mattias Hutterer | Taxonomy Manager | 5.x-1.1 | - | Affected | in | Drupal | Drupal | * | - | Safe |
Mattias Hutterer | Taxonomy Manager | 5.x-1.x-dev | - | Affected | in | Drupal | Drupal | * | - | Safe |