CVE-2008-6533

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published: Mar 26, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-6533
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
drupal / drupal	5.10	5.10.x
drupal / drupal	5.4	5.4.x
drupal / drupal	6.2	6.2.x
drupal / drupal	5.12	5.12.x
drupal / drupal	5.2	5.2.x
drupal / drupal	5.7	5.7.x
drupal / drupal	6.4	6.4.x
drupal / drupal	5.0	5.0.x
drupal / drupal	6.1	6.1.x
drupal / drupal	5.6	5.6.x
drupal / drupal	5.1	5.1.x
drupal / drupal	6.5	6.5.x
drupal / drupal	5.5	5.5.x
drupal / drupal	6.6	6.6.x
drupal / drupal	6.0	6.0.x
drupal / drupal	5.9	5.9.x
drupal / drupal	5.8	5.8.x
drupal / drupal	5.3	5.3.x
drupal / drupal	6.3	6.3.x
drupal / drupal	5.11	5.11.x

Vulnerability Database

289,784

CVE-2008-6533