Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-4363
Last Modified 07 Mar 2011 09:58:27
Published 15 Aug 2007 03:17:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4363

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.

Vulnerable Systems

Application

  • Drupal Content Construction Kit 4.7

  • Drupal Content Construction Kit 5.2


References

SECUNIA - 26416

VUPEN - ADV-2007-2876

OSVDB - 37209

OSVDB - 37208

CONFIRM - http://drupal.org/node/166998

CONFIRM - http://drupal.org/node/166994

CONFIRM - http://drupal.org/node/166992

XF - cck-nodereference-autocomplete-xss(36002)

XF - cck-nodereference-plain-xss(36000)

BID - 25321


Last Updated: 27 May 2016 10:45:50