Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6533

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6533
Last Modified 25 Apr 2009 01:40:32
Published 26 Mar 2009 05:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6533

Summary

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Vulnerable Systems

Application

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.10

  • Drupal 5.11

  • Drupal 5.12

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 5.9

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2

  • Drupal 6.3

  • Drupal 6.4

  • Drupal 6.5

  • Drupal 6.6


References

CONFIRM - http://drupal.org/node/345441

FEDORA - FEDORA-2008-11213

FEDORA - FEDORA-2008-11196

XF - drupal-htmltags-xss(47259)

VUPEN - ADV-2008-3414

OSVDB - 50662

SECUNIA - 33147

SECUNIA - 33112


Last Updated: 27 May 2016 10:49:14