NVD

Id
48135  
Name
CVE-2009-0818  
Description
Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-03-04  
Modified Date
2009-03-05  
Seq
2009-0818  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
241753 48135 CVE-2009-0818 http://drupal.org/node/386940  View
241754 48135 CVE-2009-0818 http://drupal.org/node/386942  View
241755 48135 CVE-2009-0818 33923  View
241756 48135 CVE-2009-0818 drupal-taxonomy-name-xss(48979)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
40393 JVNDB-2009-001399 Drupal Taxonomy Theme モジュールの taxonomy_theme_admin_table_builder 関数におけるクロスサイトスクリプティングの脆弱性 Drupal Taxonomy Theme モジュールの taxonomy_theme_admin_table_builder 関数 (taxonomy_theme_admin.inc) には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2009-0818 38249 CVE-2009-0818 48135 3.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001399.html 2009-03-05 2009-06-30 View