4.3
CVE-2007-4363
- EPSS 2.28%
- Veröffentlicht 15.08.2007 19:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Drupal ≫ Content Construction Kit Version4.7
Drupal ≫ Content Construction Kit Version5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.28% | 0.808 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://drupal.org/node/166992
http://drupal.org/node/166994
http://drupal.org/node/166998
http://osvdb.org/37208
http://osvdb.org/37209
http://secunia.com/advisories/26416
http://www.securityfocus.com/bid/25321
http://www.vupen.com/english/advisories/2007/2876
https://exchange.xforce.ibmcloud.com/vulnerabilities/36000
https://exchange.xforce.ibmcloud.com/vulnerabilities/36002