CVE-2007-4363

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
Configurations

Configuration 1

cpe:2.3:a:drupal:content_construction_kit:4.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:content_construction_kit:5.2:*:*:*:*:*:*:*

Information

Published : 2007-08-15 07:17

Updated : 2017-07-29 01:32


NVD link : CVE-2007-4363

Mitre link : CVE-2007-4363

Products Affected