CVE-2008-6229

Published Feb 20, 2009

Last updated 8 years ago

CVSS info 3.5

Overview

Description: Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2D632D3-8707-40BD-A740-3AAAA0C53EF1"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44466627-C95C-489F-92EA-BDA63C0EAFB2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0233097D-E718-4FD4-8002-E79EB5B39988"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ECE1A46-1146-472D-9EEA-8756ED9F5029"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC3FC32E-B848-4137-9D8D-39D441EA5662"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "504DB2C5-3851-4835-BA5A-99C2FC750D11"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E2DC36-DAB0-4A4F-9723-C1BF3FAB9C91"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0225D4C0-845F-40E1-8BD4-86FDD6C6093F"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF4E97F2-9C42-44B1-B1F1-F287559E1411"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59EF5F40-38CF-4C24-A5D8-9170FE67B10D"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F232DC06-66E8-4F4B-9EA8-C394325E7A20"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:5.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC14F31-2486-40A6-8554-2E7399E20715"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C311CE79-DE50-498A-95B6-0B9F3992A2F8"
          },
          {
            "criteria": "cpe:2.3:a:drupal:content_construction_kit:6.x-1.x-dev:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2884977-8DFE-4488-BD6E-E17FC1781DAD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References