CVE-2010-1362

Name of the Vulnerable Software and Affected Versions Drupal Own Term module version 6.x-1.0

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users with "create additional terms" privileges to inject arbitrary web script or HTML via the term description field in a term listing page.

Recommendations For version 6.x-1.0, consider disabling the term description field in the term listing page until a patch is available. Restrict access to the Own Term module to minimize the risk of exploitation. Avoid using the term description field in the affected module until the issue is resolved.