PT-2019-6670 · Drupal · Drupal Views Bulk Operations

Jan Lieskovsky

·

Published

2019-11-25

·

Updated

2019-12-12

·

CVE-2011-3373

CVSS v2.0

4.3

Medium

Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Drupal Views Bulk Operations (VBO) module, versions 6.x-1.0 through 6.x-1.10
Description: The Drupal Views Bulk Operations (VBO) module does not properly escape a vocabulary's help text when user tagging is enabled and the "Modify node taxonomy terms" action is used. Because the help text is rendered into the action form as HTML without escaping, a remote attacker could supply a specially crafted URL that leads to a cross-site scripting (XSS) attack in the browser of a user who opens the form.
Recommendations: For versions 6.x-1.0 through 6.x-1.10, disable the "Modify node taxonomy terms" action until a fixed release is available. Restrict who can edit vocabularies and use user tagging, since the help text of a vocabulary is the injection point. Avoid using the affected module for critical operations until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known to this entry.
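The following is an added illustration of the pattern class described above, not code from the VBO module or from Drupal: a vocabulary's help text is placed into a form element's #description, which Drupal's Form API renders as raw HTML, so the caller must escape it. The vocabulary object, the payload in its help text, the form builders and the tiny renderer are all constructed here so the script runs as plain PHP without a Drupal bootstrap; check_plain_local() reimplements what Drupal 6's check_plain() does (htmlspecialchars with ENT_QUOTES and UTF-8).

```php
<?php
// Added example, not the VBO module's own code. Shows the unescaped
// pattern the advisory describes beside its hardened form.

// Local equivalent of Drupal 6's check_plain(): escape for use as HTML text.
function check_plain_local($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample vocabulary. 'tags' => 1 is the free-tagging (user
// tagging) precondition named in the advisory; the help text carries a
// generic XSS payload standing in for attacker-controlled content.
$vocabulary = (object) array(
    'vid'  => 1,
    'name' => 'Tags',
    'tags' => 1,
    'help' => 'Comma-separated list of terms <img src=x onerror=alert(document.domain)>',
);

// Vulnerable pattern: help text is copied straight into #description,
// which the Form API emits as HTML, so any markup in it becomes live.
function build_terms_form_vulnerable($vocabulary) {
    return array(
        'taxonomy_' . $vocabulary->vid => array(
            '#type'        => 'textfield',
            '#title'       => $vocabulary->name,
            '#description' => $vocabulary->help,
        ),
    );
}

// Hardened pattern: escape before the text is handed to the renderer.
function build_terms_form_hardened($vocabulary) {
    return array(
        'taxonomy_' . $vocabulary->vid => array(
            '#type'        => 'textfield',
            '#title'       => check_plain_local($vocabulary->name),
            '#description' => check_plain_local($vocabulary->help),
        ),
    );
}

// Minimal stand-in for the Form API renderer: #description goes out as-is.
function render_descriptions(array $form) {
    $out = '';
    foreach ($form as $element) {
        $out .= '<div class="description">' . $element['#description'] . "</div>\n";
    }
    return $out;
}

echo "vulnerable:\n" . render_descriptions(build_terms_form_vulnerable($vocabulary));
echo "hardened:\n"   . render_descriptions(build_terms_form_hardened($vocabulary));
```

In the vulnerable output the `<img ... onerror=...>` survives into the page; in the hardened output it is emitted as `&lt;img ... &gt;` and displayed as text. In a real Drupal 6 module the choice is between check_plain() (no markup allowed at all) and filter_xss() (an allow-list of harmless tags); either is acceptable for help text shown to users who are not themselves trusted administrators, and the same rule applies to any other vocabulary or term field that reaches a form as HTML.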

XSS


Weakness Enumeration

Related Identifiers

CVE-2011-3373

Affected Products

Drupal Views Bulk Operations