FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Drupal core - Moderately critical - Cross Site Scripting

Affected packages
drupal7 < 7.65
drupal8 < 8.6.13

Details

VuXML ID 94d63fd7-508b-11e9-9ba0-4c72b94353b5
Discovery 2019-03-20
Entry 2019-03-27
Modified 2019-03-28

Drupal Security Team reports:

Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

References

CVE Name CVE-2019-6341
URL https://www.drupal.org/project/drupal/releases/7.65
URL https://www.drupal.org/project/drupal/releases/8.6.13
URL https://www.drupal.org/SA-CORE-2019-004