Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x prior to 6.32 and possibly 7.x prior to 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
drupal drupal 7.0 |
||
drupal drupal 7.15 |
||
drupal drupal 7.16 |
||
drupal drupal 7.17 |
||
drupal drupal 7.18 |
||
drupal drupal 7.5 |
||
drupal drupal 7.6 |
||
drupal drupal 7.7 |
||
drupal drupal 7.8 |
||
drupal drupal 7.28 |
||
drupal drupal 7.1 |
||
drupal drupal 7.22 |
||
drupal drupal 7.23 |
||
drupal drupal 7.24 |
||
drupal drupal 7.25 |
||
drupal drupal 7.11 |
||
drupal drupal 7.13 |
||
drupal drupal 7.2 |
||
drupal drupal 7.21 |
||
drupal drupal 7.26 |
||
drupal drupal 7.3 |
||
drupal drupal 7.x-dev |
||
drupal drupal 7.10 |
||
drupal drupal 7.12 |
||
drupal drupal 7.14 |
||
drupal drupal 7.19 |
||
drupal drupal 7.20 |
||
drupal drupal 7.27 |
||
drupal drupal 7.4 |
||
drupal drupal 7.9 |
||
drupal drupal 6.1 |
||
drupal drupal 6.10 |
||
drupal drupal 6.11 |
||
drupal drupal 6.12 |
||
drupal drupal 6.25 |
||
drupal drupal 6.26 |
||
drupal drupal 6.27 |
||
drupal drupal 6.28 |
||
drupal drupal 6.0 |
||
drupal drupal 6.17 |
||
drupal drupal 6.18 |
||
drupal drupal 6.19 |
||
drupal drupal 6.2 |
||
drupal drupal 6.20 |
||
drupal drupal 6.4 |
||
drupal drupal 6.5 |
||
drupal drupal 6.6 |
||
drupal drupal 6.7 |
||
drupal drupal 6.13 |
||
drupal drupal 6.15 |
||
drupal drupal 6.21 |
||
drupal drupal 6.23 |
||
drupal drupal 6.3 |
||
drupal drupal 6.31 |
||
drupal drupal 6.8 |
||
drupal drupal 6.14 |
||
drupal drupal 6.16 |
||
drupal drupal 6.22 |
||
drupal drupal 6.24 |
||
drupal drupal 6.29 |
||
drupal drupal 6.30 |
||
drupal drupal 6.9 |
Vulmon