Description
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Catch Web Tools Security Bypass (2.6.6)
WordPress Plugin Easy Registration Forms Cross-Site Scripting (1.8.3)
Joomla CVE-2021-23132 Vulnerability (CVE-2021-23132)
WordPress Plugin PowerPress Podcasting by Blubrry Arbitrary File Upload (8.3.7)
b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479)