CVE-2008-6533

CVSS V2 Medium 4.3 CVSS V3 None
Description
Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Overview
  • CVE ID
  • CVE-2008-6533
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-03-26T21:00:00
  • Last Modified Date
  • 2017-08-17T01:29:22
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:5.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://drupal.org/node/345441 Patch Vendor Advisory
http://secunia.com/advisories/33112 Vendor Advisory
http://www.osvdb.org/50662
http://www.vupen.com/english/advisories/2008/3414
http://secunia.com/advisories/33147
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00767.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00740.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/47259
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-6533
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6533
History
Created Old Value New Value Data Type Notes
2022-05-10 09:02:17 Added to TrackCVE