2 matches found
CVE-2024-13294
CVE-2024-13294 concerns the Drupal POST File module, where improper neutralization of input during web page generation enables Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.0.2. The root cause is input handling in the POST File endpoint; exploitation could permit user-controll...
CVE-2024-13293
CVE-2024-13293 is a CSRF vulnerability in the Drupal POST File module affecting versions 0.0.0 through 1.0.2. The issue enables unauthenticated CSRF attacks by abusing a POST /postfile/upload endpoint to trick users into performing unintended actions. Related disclosures cite SA-CONTRIB-2024-059 ...