Description

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

CVE-2008-6533

Related Vulnerabilities

Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)

Atlassian Jira CVE-2020-36237 Vulnerability (CVE-2020-36237)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3827)

CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8379)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8)

Severity

Medium

Classification

CVE-2008-6533 CWE-707

Tags

Missing Update Known Vulnerabilities