CVE-2008-6229
Published Feb 20, 2009
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2D632D3-8707-40BD-A740-3AAAA0C53EF1"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44466627-C95C-489F-92EA-BDA63C0EAFB2"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0233097D-E718-4FD4-8002-E79EB5B39988"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4ECE1A46-1146-472D-9EEA-8756ED9F5029"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC3FC32E-B848-4137-9D8D-39D441EA5662"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "504DB2C5-3851-4835-BA5A-99C2FC750D11"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5E2DC36-DAB0-4A4F-9723-C1BF3FAB9C91"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0225D4C0-845F-40E1-8BD4-86FDD6C6093F"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF4E97F2-9C42-44B1-B1F1-F287559E1411"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59EF5F40-38CF-4C24-A5D8-9170FE67B10D"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F232DC06-66E8-4F4B-9EA8-C394325E7A20"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBC14F31-2486-40A6-8554-2E7399E20715"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C311CE79-DE50-498A-95B6-0B9F3992A2F8"
},
{
"criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.x-dev:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2884977-8DFE-4488-BD6E-E17FC1781DAD"
}
],
"operator": "OR"
}
]
}
]