Unrated severityNVD Advisory· Published Jul 8, 2011· Updated Apr 29, 2026

CVE-2010-4813

Description

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

Affected products

Category Tokens Project/Category Tokens
cpe:2.3:a:category_tokens_project:category_tokens:6.x-1.0:*:*:*:*:drupal:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/968176nvdPatchVendor Advisory
osvdb.org/69145nvd
secunia.com/advisories/42168nvd
www.securityfocus.com/bid/44780nvd
exchange.xforce.ibmcloud.com/vulnerabilities/63203nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000