Cross-Site Scripting Vulnerability in Drupal Content Construction Kit Module
CVE-2009-1069

Currently unrated

Key Information:

Vendor: Drupal
CVE Published: 26 March 2009

Summary

The Drupal Content Construction Kit (CCK) module has multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are in the node edit form, specifically in the Node reference sub-module and the User reference sub-module. The injection vectors are the titles of candidate referenced nodes and the names of candidate referenced users, which attackers can manipulate, potentially compromising site integrity and exposing sensitive user data. It's crucial to apply relevant updates and patches to mitigate these risks and ensure Drupal installations remain secure.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
