VYPR
Unrated severityNVD Advisory· Published Aug 13, 2009· Updated Jun 16, 2026

CVE-2008-6972

CVE-2008-6972

Description

Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • Yves Chedemois/Cck11 versions
    cpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:karen_stevenson:cck:5.x-1.0-beta:*:*:*:*:*:*:*
    • cpe:2.3:a:karen_stevenson:cck:5.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:karen_stevenson:cck:5.x-1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:karen_stevenson:cck:5.x-1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:karen_stevenson:cck:5.x-1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:karen_stevenson:cck:5.x-1.x-dev:*:*:*:*:*:*:*
    • cpe:2.3:a:yves_chedemois:cck:5.x-1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:yves_chedemois:cck:5.x-1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:yves_chedemois:cck:5.x-1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:yves_chedemois:cck:5.x-1.6-1:*:*:*:*:*:*:*
    • cpe:2.3:a:yves_chedemois:cck:5.x-1.8:*:*:*:*:*:*:*
  • Drupal/CCKllm-create
    Range: 5.x through 5.x-1.8
  • Range: 5.x through 5.x-1.8

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.