Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation16 reference(s) from NVD