Description
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2020-16979 Vulnerability (CVE-2020-16979)
WordPress Plugin Securimage-WP Cross-Site Scripting (3.2.4)
Oracle JRE CVE-2022-21360 Vulnerability (CVE-2022-21360)
OpenSSL Cryptographic Issues Vulnerability (CVE-2006-4339)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5481)