Description

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

CVE-2008-6533

Related Vulnerabilities

GlassFish CVE-2010-4438 Vulnerability (CVE-2010-4438)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4661)

phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-9859)

WordPress Plugin Erident Custom Login and Dashboard Cross-Site Request Forgery (3.4.1)

Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)

Severity

Medium

Classification

CVE-2008-6533 CWE-707

Tags

Missing Update Known Vulnerabilities