CVE-2019-6341 Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

2019-03-2618:04:37

drupal

www.cve.org

AI Score

5.4

Confidence

High

EPSS

0.682

Percentile

98.0%

JSON

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

CNA Affected

[
  {
    "product": "Drupal core",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThan": "7.65",
        "status": "affected",
        "version": "Drupal 7 ",
        "versionType": "custom"
      },
      {
        "lessThan": "8.6.13",
        "status": "affected",
        "version": "Drupal 8.6",
        "versionType": "custom"
      },
      {
        "lessThan": "8.5.14",
        "status": "affected",
        "version": "Drupal 8.5",
        "versionType": "custom"
      }
    ]
  }
]