Description

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Remediation

References

CVE-2019-6341

Related Vulnerabilities

MediaWiki CVE-2023-29141 Vulnerability (CVE-2023-29141)

Atlassian Jira CVE-2021-39121 Vulnerability (CVE-2021-39121)

WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time Cross-Site Scripting (0.8.4)

WordPress Plugin Custom Body Class Cross-Site Request Forgery (0.6.0)

WordPress Plugin CopySafe PDF Protection Arbitrary File Upload (0.6)

Severity

Medium

Classification

CVE-2019-6341 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities