Back to search
CVE-2019-6341
Published: Mar 26, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
| Vendor | Product | Versions |
|---|---|---|
Drupal | Drupal core | affected Drupal 7 - < 7.65affected Drupal 8.6 - < 8.6.13affected Drupal 8.5 - < 8.5.14 |
References
https://www.drupal.org/sa-core-2019-004
x_refsource_CONFIRM
[debian-lts-announce] 20190401 [SECURITY] [DLA 1746-1] drupal7 security update
mailing-list
x_refsource_MLIST
https://www.synology.com/security/advisory/Synology_SA_19_13
x_refsource_CONFIRM
FEDORA-2019-79bd99f9a8
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-2fbce03df3
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-35589cfcb5
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-1d9be4b853
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now