CVE-2010-4813

Name of the Vulnerable Software and Affected Versions Drupal Category Tokens module versions prior to 6.x-1.1

Description A cross-site scripting (XSS) issue exists due to improper handling of vocabulary names in the token help. This allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names.

Recommendations For versions prior to 6.x-1.1, update to version 6.x-1.1 or later to resolve the issue.