Yves Chedemois : Security Vulnerabilities, CVEs, Published In 2009
Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.
Max CVSS
3.5
EPSS Score
0.11%
Published
2009-08-13
Updated
2017-08-17
1 vulnerabilities found