Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) prior to 4.7.x-1.6, and 5.x prior to 5.x-1.6 ,allow remote malicious users to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal content construction kit 4.7 |
||
drupal content construction kit 5.2 |