Description
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
GlassFish CVE-2010-4438 Vulnerability (CVE-2010-4438)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9859)
WordPress Plugin Erident Custom Login and Dashboard Cross-Site Request Forgery (3.4.1)
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)