Description

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

CVE-2008-6533

Related Vulnerabilities

PostgreSQL CVE-2017-7548 Vulnerability (CVE-2017-7548)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3042)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-0708)

MySQL CVE-2019-2731 Vulnerability (CVE-2019-2731)

Oracle JRE CVE-2011-3563 Vulnerability (CVE-2011-3563)

Severity

Medium

Classification

CVE-2008-6533 CWE-707

Tags

Missing Update Known Vulnerabilities