All the vulnerabilities related to drupal - content_construction_kit
cve-2007-4363
Vulnerability from cvelistv5
Published
2007-08-15 19:00
Modified
2024-08-07 14:53
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/36002 | vdb-entry, x_refsource_XF | |
http://osvdb.org/37209 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/25321 | vdb-entry, x_refsource_BID | |
http://osvdb.org/37208 | vdb-entry, x_refsource_OSVDB | |
http://www.vupen.com/english/advisories/2007/2876 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/26416 | third-party-advisory, x_refsource_SECUNIA | |
http://drupal.org/node/166994 | x_refsource_CONFIRM | |
http://drupal.org/node/166992 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36000 | vdb-entry, x_refsource_XF | |
http://drupal.org/node/166998 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:53:55.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cck-nodereference-autocomplete-xss(36002)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36002" }, { "name": "37209", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37209" }, { "name": "25321", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25321" }, { "name": "37208", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37208" }, { "name": "ADV-2007-2876", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2876" }, { "name": "26416", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26416" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/166994" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/166992" }, { "name": "cck-nodereference-plain-xss(36000)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36000" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/166998" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when 
using (1) the plain formatter or (2) the autocomplete text field widget without Views.module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cck-nodereference-autocomplete-xss(36002)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36002" }, { "name": "37209", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37209" }, { "name": "25321", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25321" }, { "name": "37208", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37208" }, { "name": "ADV-2007-2876", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2876" }, { "name": "26416", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26416" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/166994" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/166992" }, { "name": "cck-nodereference-plain-xss(36000)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36000" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/166998" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the 
nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cck-nodereference-autocomplete-xss(36002)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36002" }, { "name": "37209", "refsource": "OSVDB", "url": "http://osvdb.org/37209" }, { "name": "25321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25321" }, { "name": "37208", "refsource": "OSVDB", "url": "http://osvdb.org/37208" }, { "name": "ADV-2007-2876", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2876" }, { "name": "26416", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26416" }, { "name": "http://drupal.org/node/166994", "refsource": "CONFIRM", "url": "http://drupal.org/node/166994" }, { "name": "http://drupal.org/node/166992", "refsource": "CONFIRM", "url": "http://drupal.org/node/166992" }, { "name": "cck-nodereference-plain-xss(36000)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36000" }, { "name": "http://drupal.org/node/166998", "refsource": "CONFIRM", "url": "http://drupal.org/node/166998" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4363", "datePublished": "2007-08-15T19:00:00", "dateReserved": "2007-08-15T00:00:00", "dateUpdated": "2024-08-07T14:53:55.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6229
Vulnerability from cvelistv5
Published
2009-02-20 23:00
Modified
2024-08-07 11:20
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/46377 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/32615 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/32572 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2008/3030 | vdb-entry, x_refsource_VUPEN | |
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html | vendor-advisory, x_refsource_FEDORA | |
http://drupal.org/node/330546 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/32136 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:20:25.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cck-fieldlabels-contenttype-xss(46377)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46377" }, { "name": "32615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32615" }, { "name": "32572", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32572" }, { "name": "ADV-2008-3030", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/3030" }, { "name": "FEDORA-2008-9479", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/330546" }, { "name": "32136", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32136" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with \"administer content\" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cck-fieldlabels-contenttype-xss(46377)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46377" }, { "name": "32615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32615" }, { "name": "32572", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32572" }, { "name": "ADV-2008-3030", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/3030" }, { "name": "FEDORA-2008-9479", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/330546" }, { "name": "32136", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32136" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6229", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with \"administer content\" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cck-fieldlabels-contenttype-xss(46377)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46377" }, { "name": "32615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32615" }, { "name": "32572", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32572" }, { "name": "ADV-2008-3030", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3030" }, { "name": "FEDORA-2008-9479", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html" }, { "name": "http://drupal.org/node/330546", "refsource": "CONFIRM", "url": "http://drupal.org/node/330546" }, { "name": "32136", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32136" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6229", "datePublished": "2009-02-20T23:00:00", "dateReserved": "2009-02-20T00:00:00", "dateUpdated": "2024-08-07T11:20:25.563Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1069
Vulnerability from cvelistv5
Published
2009-03-24 19:00
Modified
2024-08-07 04:57
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/34172 | vdb-entry, x_refsource_BID | |
http://osvdb.org/52784 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49317 | vdb-entry, x_refsource_XF | |
http://drupal.org/node/406520 | x_refsource_CONFIRM | |
http://osvdb.org/52783 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/34370 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:57:17.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34172", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34172" }, { "name": "52784", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/52784" }, { "name": "cck-node-user-xss(49317)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/406520" }, { "name": "52783", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/52783" }, { "name": "34370", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34370" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34172", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34172" }, { "name": "52784", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/52784" }, { "name": "cck-node-user-xss(49317)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/406520" }, { "name": "52783", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/52783" }, { "name": "34370", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34370" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1069", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34172", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34172" }, { "name": "52784", "refsource": "OSVDB", "url": "http://osvdb.org/52784" }, { "name": "cck-node-user-xss(49317)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49317" }, { "name": "http://drupal.org/node/406520", "refsource": "CONFIRM", "url": "http://drupal.org/node/406520" }, { "name": "52783", "refsource": "OSVDB", "url": "http://osvdb.org/52783" }, { "name": "34370", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34370" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1069", "datePublished": "2009-03-24T19:00:00", "dateReserved": "2009-03-24T00:00:00", "dateUpdated": "2024-08-07T04:57:17.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2009-1069)
Published
2009-03-26 05:51
Modified
2024-11-21 01:01
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
drupal | content_construction_kit | 6.x-1.0 | |
drupal | content_construction_kit | 6.x-1.0 | |
drupal | content_construction_kit | 6.x-1.x-dev | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.0 | |
drupal | content_construction_kit | 6.x-2.1 | |
drupal | drupal | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C311CE79-DE50-498A-95B6-0B9F3992A2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "6C557F91-041A-422A-9B8D-A16C8EE37BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "E2884977-8DFE-4488-BD6E-E17FC1781DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5227C3E1-DCEA-4B71-A911-61E3A9BEFB38", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "D2181EF0-5583-44F5-98D4-4E583B885CA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6B8CAF91-5F75-4542-8F53-60A8A84FC4D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc10:*:*:*:*:*:*", "matchCriteriaId": "1489B0C9-1889-40EC-BF72-96C3847092B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8749D157-5FE2-42E9-B944-72E98D21DCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B3CB9B8C-F66B-475F-ABA3-6BBD129ACA30", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "F5563428-0910-4A5C-849A-006F06C74E16", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "6639D87C-561E-4F5B-A716-D4D9451BA5CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "E174665E-32FC-41DF-95E1-7AE6A3168C50", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "876733CA-158B-46D3-A520-D5D590E5BB5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "2CDCC426-6904-444D-9756-23ECDA460896", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc9:*:*:*:*:*:*", "matchCriteriaId": "B01AF255-E7B9-412B-B3BE-BE252B2ED34A", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CA53B6B-59CC-456D-9A96-1B8BC52444B6", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el formulario \"node edit\" del m\u00f3dulo Content Construction Kit (CCK) v6.x anterior a v6.x-2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del (1)t\u00edtulos de nodos candidatos referenciados en el sub-m\u00f3dulo \"Node Reference\" y (2) nombres de usuarios candidatos referenciados en el sub-m\u00f3dulo \"User references\"." 
} ], "id": "CVE-2009-1069", "lastModified": "2024-11-21T01:01:35.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-03-26T05:51:52.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/406520" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/52783" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/52784" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34370" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34172" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://drupal.org/node/406520" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/52783" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/52784" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49317" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-6229)
Published
2009-02-20 23:30
Modified
2024-11-21 00:55
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N, per the NVD record below)
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
drupal | content_construction_kit | 5.x-1.0 | |
drupal | content_construction_kit | 5.x-1.0 | |
drupal | content_construction_kit | 5.x-1.1 | |
drupal | content_construction_kit | 5.x-1.2 | |
drupal | content_construction_kit | 5.x-1.3 | |
drupal | content_construction_kit | 5.x-1.4 | |
drupal | content_construction_kit | 5.x-1.5 | |
drupal | content_construction_kit | 5.x-1.6 | |
drupal | content_construction_kit | 5.x-1.7 | |
drupal | content_construction_kit | 5.x-1.8 | |
drupal | content_construction_kit | 5.x-1.9 | |
drupal | content_construction_kit | 5.x-1.x-dev | |
drupal | content_construction_kit | 6.x-1.0 | |
drupal | content_construction_kit | 6.x-1.x-dev |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2D632D3-8707-40BD-A740-3AAAA0C53EF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.0:beta:*:*:*:*:*:*", "matchCriteriaId": "44466627-C95C-489F-92EA-BDA63C0EAFB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0233097D-E718-4FD4-8002-E79EB5B39988", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4ECE1A46-1146-472D-9EEA-8756ED9F5029", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CC3FC32E-B848-4137-9D8D-39D441EA5662", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "504DB2C5-3851-4835-BA5A-99C2FC750D11", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5E2DC36-DAB0-4A4F-9723-C1BF3FAB9C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0225D4C0-845F-40E1-8BD4-86FDD6C6093F", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.7:*:*:*:*:*:*:*", "matchCriteriaId": "AF4E97F2-9C42-44B1-B1F1-F287559E1411", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.8:*:*:*:*:*:*:*", "matchCriteriaId": "59EF5F40-38CF-4C24-A5D8-9170FE67B10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.9:*:*:*:*:*:*:*", "matchCriteriaId": "F232DC06-66E8-4F4B-9EA8-C394325E7A20", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "EBC14F31-2486-40A6-8554-2E7399E20715", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C311CE79-DE50-498A-95B6-0B9F3992A2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.x-dev:*:*:*:*:*:*:*", "matchCriteriaId": "E2884977-8DFE-4488-BD6E-E17FC1781DAD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with \"administer content\" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names." }, { "lang": "es", "value": "Una vulnerabilidad de Ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la interfaz administrativa de Content Construction Kit (CCK) v5.x anterior a v5.x-1.10 y v6.x anterior a v6.x-2.0, un modulo de Drupal, que permite a usuarios remotos autentificados con permisos de \"administrador de contenido\" para inyectar secuencias de comando web o HTML a traves de (2) el campo \"etiquetas\" y (2) nombres de contenido." 
} ], "id": "CVE-2008-6229", "lastModified": "2024-11-21T00:55:59.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-02-20T23:30:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://drupal.org/node/330546" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32572" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32615" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/32136" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3030" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46377" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/node/330546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/32136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3030" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00178.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-08-15 19:17
Modified
2024-11-21 00:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
drupal | content_construction_kit | 4.7 | |
drupal | content_construction_kit | 5.2 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:content_construction_kit:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "A60BFE40-E097-404C-9AA8-EB7D1BA3EEB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E144760-7268-4D9D-9253-9C62EF31CC8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo nodereference de Drupal Content Construction Kig (CCK) anterior a 4.7.x-1.6, y 5.x anterior a 5.x-1.6, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de campos nodereference, cuando se usa (1) el formateador simple (plain formatter) o (2) la mini-aplicaci\u00f3n (widget) de autocompletado de campos de texto sin Views.module." 
} ], "id": "CVE-2007-4363", "lastModified": "2024-11-21T00:35:24.750", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-08-15T19:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://drupal.org/node/166992" }, { "source": "cve@mitre.org", "url": "http://drupal.org/node/166994" }, { "source": "cve@mitre.org", "url": "http://drupal.org/node/166998" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37208" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37209" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26416" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25321" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2876" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36000" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/166992" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/166994" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupal.org/node/166998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37209" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36002" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }