CVE-2019-6341
Description
In Drupal 7 versions prior to 7.65, Drupal 8.6 versions prior to 8.6.13, and Drupal 8.5 versions prior to 8.5.14, under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
CWE
- (none)
Affected
- Drupal / Drupal core — v=Drupal 7 <7.65 [affected]; v=Drupal 8.6 <8.6.13 [affected]; v=Drupal 8.5 <8.5.14 [affected]
CVSS
- (none)
References
- https://www.drupal.org/sa-core-2019-004 x_refsource_CONFIRM
- https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html mailing-list, x_refsource_MLIST
- https://www.synology.com/security/advisory/Synology_SA_19_13 x_refsource_CONFIRM
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/ vendor-advisory, x_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/ vendor-advisory, x_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/ vendor-advisory, x_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/ vendor-advisory, x_refsource_FEDORA
Source
cvelistV5-main/cves/2019/6xxx/CVE-2019-6341.json