Description
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress 6.1.x Cross-Site Scripting (6.1 - 6.1.5)
Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)
Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072)
WordPress Plugin Invite Anyone Security Bypass (1.3.14)
WordPress Plugin Enable Media Replace Arbitrary File Upload (4.0.1)