Unrated severityNVD Advisory· Published Jun 16, 2009· Updated Jun 16, 2026
CVE-2009-2083
CVE-2009-2083
Description
Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mattias_hutterer:taxonomy_manager:5.x-1.x-dev:*:*:*:*:*:*:*
- Range: <5.x-1.2
Patches
Vulnerability mechanics
References
5- drupal.org/node/487620nvdPatchVendor Advisory
- drupal.org/node/487818nvdPatchVendor Advisory
- lampsecurity.org/drupal-6-taxonomy-manager-xss-vulnerabilitynvdExploitURL Repurposed
- secunia.com/advisories/35391nvdVendor Advisory
- www.securityfocus.com/bid/35286nvd
News mentions
0No linked articles in our index yet.