This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Drupal CCK plugin developer reports :
The Node reference and User reference sub-modules, which are part of
the Content Construction Kit (CCK) project, lets administrators define
node fields that are references to other nodes or to users. When
displaying a node edit form, the titles of candidate referenced nodes
or names of candidate referenced users are not properly filtered,
allowing malicious users to inject arbitrary code on those pages. Such
a cross site scripting (XSS) attack may lead to a malicious user
gaining full administrative access.
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true