CVE 2008-6533
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Related bugs and status
CVE-2008-6533 (Candidate) is related to these bugs:
Bug #352644: generally unsecure drupal5 packages
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
352644 | generally unsecure drupal5 packages | drupal5 (Ubuntu) | Undecided | Invalid |
Bug #431080: Fix critical security issues in drupal packages
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
431080 | Fix critical security issues in drupal packages | drupal5 (Ubuntu) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal5 (Ubuntu Hardy) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal5 (Ubuntu Intrepid) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal5 (Ubuntu Jaunty) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal5 (Ubuntu Karmic) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal5 (Debian) | Unknown | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal6 (Ubuntu) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal6 (Ubuntu Hardy) | Undecided | Invalid | ||
431080 | Fix critical security issues in drupal packages | drupal6 (Ubuntu Intrepid) | Undecided | Invalid | ||
431080 | Fix critical security issues in drupal packages | drupal6 (Ubuntu Jaunty) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal6 (Ubuntu Karmic) | Undecided | Fix Released | ||
431080 | Fix critical security issues in drupal packages | drupal6 (Debian) | Unknown | Fix Released |
See the
CVE page on Mitre.org
for more details.