Описание
Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:*:*:*:*:*:*:*
cpe:2.3:a:karen_stevenson:cck:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:karen_stevenson:cck:5.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:karen_stevenson:cck:5.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:karen_stevenson:cck:5.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:karen_stevenson:cck:5.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:yves_chedemois:cck:5.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:yves_chedemois:cck:5.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:yves_chedemois:cck:5.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:yves_chedemois:cck:5.x-1.6-1:*:*:*:*:*:*:*
cpe:2.3:a:yves_chedemois:cck:5.x-1.8:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00156
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
около 3 лет назад
Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.
EPSS
Процентиль: 37%
0.00156
Низкий
3.5 Low
CVSS2
Дефекты
CWE-79