Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal模块节点编辑排列特征跨站脚本攻击漏洞
Vulnerability Description
Content Construction Kit(CCK)是开源内容管理系统Drupal所使用的模块,用于向节点添加自定义字段。 Drupal Content Construction Kit (CCK) 6.x-2.2版本之前的6.x版本的节点编辑排列特征中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)节点参考次级模块中的候选参考节点的标题和(2)用户参考次级模块的候选参考用户名,注入任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A