CVE-2009-1069

Drupal CCK for Drupal 6.x contains XSS in node and user reference sub-modules (node titles and user names on the node edit form). Root cause: insufficient filtering of candidate references, enabling injection of arbitrary script/HTML. Affected: Drupal Content Construction Kit (CCK) 6.x prior to 6...

CVE-2007-4363

CVE-2007-4363 affects the Drupal Content Construction Kit (CCK) nodereference module. The vulnerability exists in nodereference fields when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module, allowing remote attackers to inject arbitrary web script or HTM...

CVE-2008-6229

CVE-2008-6229 is a browser-based XSS vulnerability in the Drupal Content Construction Kit (CCK) module. The issue affects Drupal CCK 5.x prior to 5.x-1.10 and 6.x prior to 6.x-2.0, where remote authenticated users with the admin:ister content permission can inject arbitrary script/HTML via (1) fi...