CVE-2008-6533
Drupal 5.x < 5.13 and 6.x < 6.7 - Cross-Site Scripting via Unfiltered Input Format Content
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
References (8)
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2008/3414
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/33147
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/33112
Patch, Vendor Advisory (x_refsource_confirm): http://drupal.org/node/345441
Vendor Advisory (vendor-advisory, x_refsource_fedora): https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/47259
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/50662
Scores
EPSS: 0.0038
EPSS Percentile: 59.7%
Details
CWE: CWE-79
Status: published
Products (20)
drupal/drupal 5.0
drupal/drupal 5.1
drupal/drupal 5.2
drupal/drupal 5.3
drupal/drupal 5.4
drupal/drupal 5.5
drupal/drupal 5.6
drupal/drupal 5.7
drupal/drupal 5.8
drupal/drupal 5.9
... and 10 more
Published: Mar 26, 2009
Tracked Since: Feb 18, 2026