4.3

CVE-2007-4363

Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6 ,allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.28% 0.808
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://drupal.org/node/166992
http://drupal.org/node/166994
http://drupal.org/node/166998
http://osvdb.org/37208
http://osvdb.org/37209
http://secunia.com/advisories/26416
Patch
Vendor Advisory
http://www.securityfocus.com/bid/25321
http://www.vupen.com/english/advisories/2007/2876
https://exchange.xforce.ibmcloud.com/vulnerabilities/36000
https://exchange.xforce.ibmcloud.com/vulnerabilities/36002