Unrated severityNVD Advisory· Published Aug 13, 2009· Updated Apr 23, 2026
CVE-2008-6972
CVE-2008-6972
Description
Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.
Affected products
11cpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:cck:5.x-1.1:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:cck:5.x-1.2:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:cck:5.x-1.3:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:cck:5.x-1.7:*:*:*:*:*:*:*
- cpe:2.3:a:karen_stevenson:cck:5.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:yves_chedemois:cck:5.x-1.4:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:yves_chedemois:cck:5.x-1.4:*:*:*:*:*:*:*
- cpe:2.3:a:yves_chedemois:cck:5.x-1.5:*:*:*:*:*:*:*
- cpe:2.3:a:yves_chedemois:cck:5.x-1.6:*:*:*:*:*:*:*
- cpe:2.3:a:yves_chedemois:cck:5.x-1.6-1:*:*:*:*:*:*:*
- cpe:2.3:a:yves_chedemois:cck:5.x-1.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- drupal.org/node/304093nvdPatchVendor Advisory
- secunia.com/advisories/31757nvdVendor Advisory
- osvdb.org/47929nvd
- www.securityfocus.com/bid/31027nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/44915nvd
News mentions
0No linked articles in our index yet.