PT-2009-3650 · Drupal · Drupal Content Construction Kit
Published: 2009-03-24 · Updated: 2017-08-17 · CVE-2009-1069
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Content Construction Kit (CCK) versions 6.x before 6.x-2.2
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature of the Drupal Content Construction Kit (CCK) module. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the titles of candidate referenced nodes in the Node reference sub-module and the names of candidate referenced users in the User reference sub-module.
Recommendations
For versions prior to 6.x-2.2, update to version 6.x-2.2 or later to resolve the issue.
Fix
XSS
Affected Products
Drupal Content Construction Kit