Lucene search

[email protected]CVE-2007-4363

HistoryAug 15, 2007 - 7:17 p.m.

CVE-2007-4363

2007-08-1519:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

drupal

cck

nodereference

xss

vulnerabilities

remote attackers

web script

html

plain formatter

autocomplete text field widget

views.module

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.018 Low

EPSS

Percentile

88.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.

CPENameOperatorVersion
drupal:content_construction_kitdrupal content construction kiteq4.7
drupal:content_construction_kitdrupal content construction kiteq5.2

CPE	Name	Operator	Version
drupal:content_construction_kit	drupal content construction kit	eq	4.7
drupal:content_construction_kit	drupal content construction kit	eq	5.2

References

drupal.org/node/166992

drupal.org/node/166994

drupal.org/node/166998

osvdb.org/37208

osvdb.org/37209

secunia.com/advisories/26416

www.securityfocus.com/bid/25321

www.vupen.com/english/advisories/2007/2876

exchange.xforce.ibmcloud.com/vulnerabilities/36000

exchange.xforce.ibmcloud.com/vulnerabilities/36002

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2007-4363

prion1