10 matches found
Drupal Core file_create_filename Stored Cross-Site Scripting (CVE-2019-6341)
A stored cross-site scripting vulnerability exists in the File module of Drupal Core. The vulnerability is due to improper handling of the filename parameter provided for file uploads to the File module. Successful exploitation could result in the execution of arbitrary script code...
Security Bulletin: IBM API Connect Developer Portal is impacted by Cross Site Scripting(XSS) in Drupal core (CVE-2019-6341)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: Not Applicable DESCRIPTION: AddToAny Share Buttons Module for Drupal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could...
Fedora 29 : drupal7 (2019-35589cfcb5)
https://www.drupal.org/project/drupal/releases/7.65 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Fedora 28 : drupal7 (2019-2fbce03df3)
https://www.drupal.org/project/drupal/releases/7.65 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Fedora 28 : drupal8 (2019-79bd99f9a8)
https://www.drupal.org/project/drupal/releases/8.6.13 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
Fedora 29 : drupal8 (2019-1d9be4b853)
https://www.drupal.org/project/drupal/releases/8.6.13 - https://www.drupal.org/SA-CORE-2019-004 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
CVE-2019-6341
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
CVE-2019-6341
Drupal core File module allows stored cross-site scripting due to improper handling of the filename parameter during uploads. Affected versions are Drupal 7 prior to 7.65; Drupal 8.6 prior to 8.6.13; Drupal 8.5 prior to 8.5.14. Exploitation could lead to executing arbitrary script code in the con...
Drupal XSS Vulnerability (SA-CORE-2019-004) - Windows
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Drupal XSS Vulnerability (SA-CORE-2019-004) - Linux
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...