Lucene search

[email protected]NVD:CVE-2008-6533

HistoryMar 26, 2009 - 9:00 p.m.

CVE-2008-6533

2009-03-2621:00:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Affected configurations

Nvd

Node

drupaldrupalMatch5.0

drupaldrupalMatch5.1

drupaldrupalMatch5.2

drupaldrupalMatch5.3

drupaldrupalMatch5.4

drupaldrupalMatch5.5

drupaldrupalMatch5.6

drupaldrupalMatch5.7

drupaldrupalMatch5.8

drupaldrupalMatch5.9

drupaldrupalMatch5.10

drupaldrupalMatch5.11

drupaldrupalMatch5.12

drupaldrupalMatch6.0

drupaldrupalMatch6.1

drupaldrupalMatch6.2

drupaldrupalMatch6.3

drupaldrupalMatch6.4

drupaldrupalMatch6.5

drupaldrupalMatch6.6

References

drupal.org/node/345441

secunia.com/advisories/33112

secunia.com/advisories/33147

www.osvdb.org/50662

www.vupen.com/english/advisories/2008/3414

exchange.xforce.ibmcloud.com/vulnerabilities/47259

www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html

www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Related for NVD:CVE-2008-6533

prion1 openvas2 nessus3 freebsd1 ubuntucve1 cve1 cvelist1