CVE-2009-2079

Name of the Vulnerable Software and Affected Versions Drupal Taxonomy manager versions 5.x before 5.x-1.2 Drupal Taxonomy manager versions 6.x before 6.x-1.1

Description A cross-site scripting (XSS) issue exists in the administrative page interface of the Taxonomy manager module for Drupal. This allows remote authenticated users with specific privileges to inject arbitrary web script or HTML via vocabulary names, synonyms, and term names.

Recommendations For Drupal Taxonomy manager versions 5.x before 5.x-1.2, update to version 5.x-1.2 or later. For Drupal Taxonomy manager versions 6.x before 6.x-1.1, update to version 6.x-1.1 or later.