Description
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Remediation
References
Related Vulnerabilities
WordPress Plugin eventON Multiple Cross-Site Scripting Vulnerabilities (2.6.11)
MySQL CVE-2021-2217 Vulnerability (CVE-2021-2217)
WordPress Plugin Platinum SEO Pack Cross-Site Scripting (1.3.7)
WordPress Plugin Campaign Press Cross-Site Scripting (1.0.5)
Apache HTTP Server CVE-2009-1191 Vulnerability (CVE-2009-1191)