CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
Percentile
30.3%
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x
before 6.32 and possibly 7.x before 7.29 allows remote authenticated users
with the “administer taxonomy” permission to inject arbitrary web script or
HTML via an option group label.