Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6972

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-6972
Last Modified 19 Aug 2009 12:00:00
Published 13 Aug 2009 12:30:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-6972

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.

Vulnerable Systems

Application

  • Karen Stevenson Cck 5.x-1.0-beta

  • Karen Stevenson Cck 5.x-1.1

  • Karen Stevenson Cck 5.x-1.2

  • Karen Stevenson Cck 5.x-1.3

  • Karen Stevenson Cck 5.x-1.7

  • Karen Stevenson Cck 5.x-1.x-dev

  • Yves Chedemois Cck 5.x-1.4

  • Yves Chedemois Cck 5.x-1.5

  • Yves Chedemois Cck 5.x-1.6

  • Yves Chedemois Cck 5.x-1.6-1

  • Yves Chedemois Cck 5.x-1.8


References

CONFIRM - http://drupal.org/node/304093

XF - cck-multiple-fields-xss(44915)

BID - 31027

SECUNIA - 31757

OSVDB - 47929


Last Updated: 27 May 2016 10:49:24