Description
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Remediation
References
Related Vulnerabilities
WordPress Plugin Infusionsoft Gravity Forms Add-on Arbitrary File Upload (1.5.10)
WordPress Plugin SocialGrid 'default_services' Parameter Cross-Site Scripting (2.3)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6211)
WordPress Plugin WP Statistics Cross-Site Scripting (9.5.1)
WordPress Plugin Disable Comments Cross-Site Scripting (1.3)