CVE-2008-6533

Publication date 26 March 2009

Last updated 24 July 2024

Description

Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
drupal5	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 5.10-1ubuntu1.1
	8.04 LTS hardy	Fixed 5.7-1ubuntu1.2
	7.10 gutsy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
drupal6	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

SA-2008-073

References

MITRE
NVD
Launchpad
Debian

Other references

http://drupal.org/node/345441
https://www.cve.org/CVERecord?id=CVE-2008-6533