CVE-2008-6533

Sažetak

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Reference

http://drupal.org/node/345441
http://secunia.com/advisories/33112
http://secunia.com/advisories/33147
http://www.osvdb.org/50662
http://www.vupen.com/english/advisories/2008/3414
https://exchange.xforce.ibmcloud.com/vulnerabilities/47259
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:29

Objavljeno

26-03-2009 - 21:00