MidnightBSD

Advisories for mattias_hutterer

CVE-2009-2083 LOW

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor            Product           Version
mattias_hutterer  taxonomy_manager  5.x-1.1
mattias_hutterer  taxonomy_manager  5.x-1.x-dev
mattias_hutterer  taxonomy_manager  5.x-1.0

CVE-2013-0320 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor            Product           Version
mattias_hutterer  taxonomy_manager  7.x-1.0
mattias_hutterer  taxonomy_manager  7.x-1.x
mattias_hutterer  taxonomy_manager  6.x-2.1
mattias_hutterer  taxonomy_manager  6.x-2.0
mattias_hutterer  taxonomy_manager  6.x-2.x