CVE-2009-0818 - OpenCVE

Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Drupal Taxonomy Theme Module

Configuration 1 [-]

AND

cpe:2.3:a:drupal:taxonomy_theme_module:*:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://drupal.org/node/386940
http://drupal.org/node/386942
http://osvdb.org/52285
http://secunia.com/advisories/34080
http://www.securityfocus.com/bid/33923
https://exchange.xforce.ibmcloud.com/vulnerabilities/48979

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-05T02:00:00

Updated: 2024-08-07T04:48:52.468Z

Reserved: 2009-03-04T00:00:00

Link: CVE-2009-0818

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-03-05T02:30:00.627

Modified: 2017-08-17T01:30:02.207

Link: CVE-2009-0818

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the \"administer taxonomy\" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "52285", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/52285"}, {"name": "34080", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34080"}, {"name": "drupal-taxonomy-name-xss(48979)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48979"}, {"name": "33923", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33923"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/386940"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/386942"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0818", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the \"administer taxonomy\" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "52285", "refsource": "OSVDB", "url": "http://osvdb.org/52285"}, {"name": "34080", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34080"}, {"name": "drupal-taxonomy-name-xss(48979)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48979"}, {"name": "33923", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33923"}, {"name": "http://drupal.org/node/386940", "refsource": "CONFIRM", "url": "http://drupal.org/node/386940"}, {"name": "http://drupal.org/node/386942", "refsource": "CONFIRM", "url": "http://drupal.org/node/386942"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:52.468Z"}, "title": "CVE Program Container", "references": [{"name": "52285", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/52285"}, {"name": "34080", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34080"}, {"name": "drupal-taxonomy-name-xss(48979)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48979"}, {"name": "33923", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33923"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/386940"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/386942"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0818", "datePublished": "2009-03-05T02:00:00", "dateReserved": "2009-03-04T00:00:00", "dateUpdated": "2024-08-07T04:48:52.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:taxonomy_theme_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "800233AE-BE67-492F-975B-E9A2A74D4AA3", "versionEndIncluding": "5.x-1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the \"administer taxonomy\" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n taxonomy_theme_admin_table_builder (taxonomy_theme_admin.inc) de Taxonomy Theme m\u00f3dulo anterior a 5.x-1.2, un m\u00f3dulo para Drupal, permite a usuarios autenticados en remoto con los permisos de \"administer taxonomy\", o la capacidad de crear p\u00e1ginas cuando las etiquetas est\u00e1n habilitadas; inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s del nombre Vocabulary (par\u00e1metro name) a index.php. NOTA: algunos de estos detalles se han obtenido de fuentes de terceros."}], "id": "CVE-2009-0818", "lastModified": "2017-08-17T01:30:02.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-03-05T02:30:00.627", "references": [{"source": "cve@mitre.org", "url": "http://drupal.org/node/386940"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/386942"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/52285"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/34080"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33923"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48979"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}