CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-4363

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.5%

CVSS Severity

CVSS v2 Score 4.3

References

http://drupal.org/node/166992
http://drupal.org/node/166994
http://drupal.org/node/166998
http://osvdb.org/37208
http://osvdb.org/37209
http://secunia.com/advisories/26416
http://www.securityfocus.com/bid/25321
http://www.vupen.com/english/advisories/2007/2876
https://exchange.xforce.ibmcloud.com/vulnerabilities/36000
https://exchange.xforce.ibmcloud.com/vulnerabilities/36002
http://drupal.org/node/166992
http://drupal.org/node/166994
http://drupal.org/node/166998
http://osvdb.org/37208
http://osvdb.org/37209
http://secunia.com/advisories/26416
http://www.securityfocus.com/bid/25321
http://www.vupen.com/english/advisories/2007/2876
https://exchange.xforce.ibmcloud.com/vulnerabilities/36000
https://exchange.xforce.ibmcloud.com/vulnerabilities/36002

Products affected by CVE-2007-4363

Drupal » Content Construction Kit » Version: 4.7

cpe:2.3:a:drupal:content_construction_kit:4.7
Drupal » Content Construction Kit » Version: 5.2

cpe:2.3:a:drupal:content_construction_kit:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4363

Products

Pricing

Contact Us