WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6533)

Description

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Remediation

References

Related Vulnerabilities

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3483)

WordPress Plugin 360 Product Viewer Cross-Site Scripting (2.5.1)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Open Redirect (1.85)

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16183)

Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0248)

Severity

Medium

Classification

CVE-2008-6533 CWE-707

Tags

Missing Update Known Vulnerabilities