Categories

Applications (222)
Blogs (7)
Content Management (148)
Customer Relationship (2)
Discussion Boards (29)
E-Commerce (14)
General Purpose Directories (2)
Image Galleries (18)
Mailing Lists (1)
Tips (3)
Vulnerabilities (337)
Access Bypass (50)
Cross Site Scripting (123)
Denial Of Service (2)
File Inclusion (51)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (16)
Session Hijacking (2)
SQL Injection (130)
« Remote command execution in Joomla! CMS
Drupal Modules Access Bypass »

Drupal Content Construction Kit Nodereference Module XSS

Published by David August 17th, 2007 in Cross Site Scripting.

Application: Drupal
Affected Version: Content Construction Kit (CCK) (third-party module) 4.7.x, 5.x
Vendor’s URL: http://drupal.org/
Bug Type: Cross site Scripts Injection
Risk Level: Critical

Solution:
- Install the latest CCK release corresponding to your Drupal version :
* CCK 4.7.x-1.6.
* CCK 5.x-1.6.

0 Responses to “Drupal Content Construction Kit Nodereference Module XSS”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply

You must login to post a comment.

« Remote command execution in Joomla! CMS
Drupal Modules Access Bypass »

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional