Lucene search

MitreCVE-2008-6972

HistoryAug 13, 2009 - 4:30 p.m.

CVE-2008-6972

2009-08-1316:30:01

CWE-79

mitre

web.nvd.nist.gov

cve-2008-6972

drupal

cck

xss

remote authenticated

admin permissions

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

43.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with “administer content” permissions to inject arbitrary web script or HTML via the (1) “field label,” (2) “help text,” or (3) “allowed values” settings.

Affected configurations

Nvd

Node

drupaldrupal

AND

karen_stevensoncckMatch5.x-1.0-beta

karen_stevensoncckMatch5.x-1.1

karen_stevensoncckMatch5.x-1.2

karen_stevensoncckMatch5.x-1.3

karen_stevensoncckMatch5.x-1.7

karen_stevensoncckMatch5.x-1.x-dev

yves_chedemoiscckMatch5.x-1.4

yves_chedemoiscckMatch5.x-1.5

yves_chedemoiscckMatch5.x-1.6

yves_chedemoiscckMatch5.x-1.6-1

yves_chedemoiscckMatch5.x-1.8

VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
karen_stevensoncck5.x-1.0-betacpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:*:*:*:*:*:*:*
karen_stevensoncck5.x-1.1cpe:2.3:a:karen_stevenson:cck:5.x-1.1:*:*:*:*:*:*:*
karen_stevensoncck5.x-1.2cpe:2.3:a:karen_stevenson:cck:5.x-1.2:*:*:*:*:*:*:*
karen_stevensoncck5.x-1.3cpe:2.3:a:karen_stevenson:cck:5.x-1.3:*:*:*:*:*:*:*
karen_stevensoncck5.x-1.7cpe:2.3:a:karen_stevenson:cck:5.x-1.7:*:*:*:*:*:*:*
karen_stevensoncck5.x-1.x-devcpe:2.3:a:karen_stevenson:cck:5.x-1.x-dev:*:*:*:*:*:*:*
yves_chedemoiscck5.x-1.4cpe:2.3:a:yves_chedemois:cck:5.x-1.4:*:*:*:*:*:*:*
yves_chedemoiscck5.x-1.5cpe:2.3:a:yves_chedemois:cck:5.x-1.5:*:*:*:*:*:*:*
yves_chedemoiscck5.x-1.6cpe:2.3:a:yves_chedemois:cck:5.x-1.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::
karen_stevenson	cck	5.x-1.0-beta	cpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:::::::*
karen_stevenson	cck	5.x-1.1	cpe:2.3:a:karen_stevenson:cck:5.x-1.1:::::::*
karen_stevenson	cck	5.x-1.2	cpe:2.3:a:karen_stevenson:cck:5.x-1.2:::::::*
karen_stevenson	cck	5.x-1.3	cpe:2.3:a:karen_stevenson:cck:5.x-1.3:::::::*
karen_stevenson	cck	5.x-1.7	cpe:2.3:a:karen_stevenson:cck:5.x-1.7:::::::*
karen_stevenson	cck	5.x-1.x-dev	cpe:2.3:a:karen_stevenson:cck:5.x-1.x-dev:::::::*
yves_chedemois	cck	5.x-1.4	cpe:2.3:a:yves_chedemois:cck:5.x-1.4:::::::*
yves_chedemois	cck	5.x-1.5	cpe:2.3:a:yves_chedemois:cck:5.x-1.5:::::::*
yves_chedemois	cck	5.x-1.6	cpe:2.3:a:yves_chedemois:cck:5.x-1.6:::::::*

Rows per page:

1-10 of 121

References

drupal.org/node/304093

osvdb.org/47929

secunia.com/advisories/31757

www.securityfocus.com/bid/31027

exchange.xforce.ibmcloud.com/vulnerabilities/44915

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

43.9%

JSON

Related for CVE-2008-6972