Description
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (3.8.9)
Oracle JRE CVE-2014-0456 Vulnerability (CVE-2014-0456)
WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (6.2.03)
WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.5)