Description
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slick Popup:Contact Form 7 Popup Privilege Escalation (1.7.1)
WordPress Plugin Easy WP SMTP Cross-Site Scripting (1.2.4)
WordPress Plugin WP Smart Image II Cross-Site Scripting (0.2)
Apache Tomcat CVE-2019-2684 Vulnerability (CVE-2019-2684)
Oracle Application Server CVE-2008-7235 Vulnerability (CVE-2008-7235)