CVSS: 3.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-6229
https://notcve.org/view.php?id=CVE-2008-6229
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names. Una vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en la interfaz administrativa de Content Construction Kit (CCK) v5.x anterior a v5.x-1.10 y v6.x anterior a v6.x-2.0, un modulo de Drupal, que permite a usuarios remotos autentificados con permisos de "administrador de contenido" para inyectar secuencias de comando web o HTML a traves de (2) el campo "etiquetas" y (2) nombres de contenido. • http://drupal.org/node/330546 http://secunia.com/advisories/32572 http://secunia.com/advisories/32615 http://www.securityfocus.com/bid/32136 http://www.vupen.com/english/advisories/2008/3030 https://exchange.xforce.ibmcloud.com/vulnerabilities/46377 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 6%CPEs: 2EXPL: 0CVE-2007-4363
https://notcve.org/view.php?id=CVE-2007-4363
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo nodereference de Drupal Content Construction Kig (CCK) anterior a 4.7.x-1.6, y 5.x anterior a 5.x-1.6, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de campos nodereference, cuando se usa (1) el formateador simple (plain formatter) o (2) la mini-aplicación (widget) de autocompletado de campos de texto sin Views.module. • http://drupal.org/node/166992 http://drupal.org/node/166994 http://drupal.org/node/166998 http://osvdb.org/37208 http://osvdb.org/37209 http://secunia.com/advisories/26416 http://www.securityfocus.com/bid/25321 http://www.vupen.com/english/advisories/2007/2876 https://exchange.xforce.ibmcloud.com/vulnerabilities/36000 https://exchange.xforce.ibmcloud.com/vulnerabilities/36002 •