CVE-2009-1069

2009-03-2605:51:52

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.

Affected configurations

Nvd

Node

drupalcontent_construction_kitMatch6.x-1.0

drupalcontent_construction_kitMatch6.x-1.0alpha

drupalcontent_construction_kitMatch6.x-1.x-dev

drupalcontent_construction_kitMatch6.x-2.0

drupalcontent_construction_kitMatch6.x-2.0beta

drupalcontent_construction_kitMatch6.x-2.0rc1

drupalcontent_construction_kitMatch6.x-2.0rc10

drupalcontent_construction_kitMatch6.x-2.0rc2

drupalcontent_construction_kitMatch6.x-2.0rc3

drupalcontent_construction_kitMatch6.x-2.0rc4

drupalcontent_construction_kitMatch6.x-2.0rc5

drupalcontent_construction_kitMatch6.x-2.0rc6

drupalcontent_construction_kitMatch6.x-2.0rc7

drupalcontent_construction_kitMatch6.x-2.0rc8

drupalcontent_construction_kitMatch6.x-2.0rc9

drupalcontent_construction_kitMatch6.x-2.1

AND

drupaldrupal

VendorProductVersionCPE
drupalcontent_construction_kit6.x-1.0cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:*:*:*:*:*:*:*
drupalcontent_construction_kit6.x-1.0cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:alpha:*:*:*:*:*:*
drupalcontent_construction_kit6.x-1.x-devcpe:2.3:a:drupal:content_construction_kit:6.x-1.x-dev:*:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:*:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:beta:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc1:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc10:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc2:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc3:*:*:*:*:*:*
drupalcontent_construction_kit6.x-2.0cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc4:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	content_construction_kit	6.x-1.0	cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:::::::*
drupal	content_construction_kit	6.x-1.0	cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:alpha::::::
drupal	content_construction_kit	6.x-1.x-dev	cpe:2.3:a:drupal:content_construction_kit:6.x-1.x-dev:::::::*
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:::::::*
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:beta::::::
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc1::::::
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc10::::::
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc2::::::
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc3::::::
drupal	content_construction_kit	6.x-2.0	cpe:2.3:a:drupal:content_construction_kit:6.x-2.0:rc4::::::