WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6533)

Description

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

Related Vulnerabilities

WordPress Plugin File Manager Multiple Vulnerabilities (4.8)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5833)

WordPress Plugin Campaign Press Cross-Site Scripting (1.0.5)

WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)

WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.8)

Severity

Medium

Classification

CVE-2008-6533 CWE-707

Tags

Missing Update Known Vulnerabilities