CVE-2009-2079

{"id": "CVE-2009-2079", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-06-16T19:30:00.313", "references": [{"url": "http://drupal.org/node/487602", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/487620", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/487818", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerability", "tags": ["Exploit", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35391", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35286", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el interfaz de la pagina administrativa en el gestor Taxonomy v5.x anteriores a v5.x-1.2 y v6.x anteriores a v6.x-1.1, un modulo de Drupal, permite a usuarios autenticados, con privilegios de administrador en Taxonomy  o con la posibilidad de etiquetado libre para a\u00f1adir t\u00e9rminos taxon\u00f3micos, inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) nombres de vocabulario, (2) sin\u00f3nimos y (3) nombres de temporada."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:taxonomy_manager:5.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "393C3759-0FF6-4FCF-A6E6-881B3248E187"}, {"criteria": "cpe:2.3:a:drupal:taxonomy_manager:5.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A325723-8470-46D8-93FE-FF5545CBDF3A"}, {"criteria": "cpe:2.3:a:drupal:taxonomy_manager:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA9BEFC2-8CFA-4ACC-A48F-1505B188C3FF"}, {"criteria": "cpe:2.3:a:drupal:taxonomy_manager:6.x-1.0-beta1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64E8FFAE-3EAD-4319-A1C4-3946AC3551FA"}, {"criteria": "cpe:2.3:a:drupal:taxonomy_manager:6.x-1.0-beta2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46E7CA3C-FC06-4FF5-AD61-043B57320C77"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}