Cross-Site Scripting Vulnerabilities in Drupal Content Construction Kit (CCK)
CVE-2007-4363

Currently unrated

Key Information:

Vendor: Drupal
Status: Content Construction Kit
Vendor: CVE Published:; 15 August 2007

What is CVE-2007-4363?

Multiple cross-site scripting (XSS) vulnerabilities exist in the nodereference module of the Drupal Content Construction Kit (CCK) prior to specific version updates. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML code via nodereference fields, particularly when utilizing the plain formatter or the autocomplete text field widget without Views.module. This can lead to unauthorized access and manipulation of user sessions, compromising the integrity of the affected web applications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36002

vdb-entryx_refsource_XF

http://osvdb.org/37209

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/25321

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2007
Vulnerability Reserved
Aug 15, 2007