CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Drupal: >> Content Construction Kit >> 5.2 Security Vulnerabilities

CVE-2007-4363

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.

CVSS Score

4.3

EPSS Score

0.007

Published

2007-08-15

Page 1

Vulnerabilities

Vulnerable Software

Drupal: >> Content Construction Kit >> 5.2 Security Vulnerabilities

Products

Pricing

Contact Us