3 matches found
CVE-2024-3190
The Unlimited Elements For Elementor Free Widgets, Addons, Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text field widget in all versions up to, and including, 1.5.107 due to insufficient input sanitization and output escaping on user supplied...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the nodereference module in Drupal Content Construction Kit CCK before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using 1 the plain formatter or 2 the...
CVE-2007-4363
CVE-2007-4363 affects the Drupal Content Construction Kit (CCK) nodereference module. The vulnerability exists in nodereference fields when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module, allowing remote attackers to inject arbitrary web script or HTM...