CVE-2008-6972

2009-08-13T12:30:01
ID CVE-2008-6972
Type cve
Reporter NVD
Modified 2017-08-16T21:29:42

Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.