← Back to CVEs

CVE-2019-6341

N/A

Description

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

CVE Details

CVSS v3.1 ScoreN/A

Published3/26/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

debian:debian_linuxdrupal:drupalfedoraproject:fedora

Weaknesses (CWE)

CWE-79

References

https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html(mlhess@drupal.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/(mlhess@drupal.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/(mlhess@drupal.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/(mlhess@drupal.org)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/(mlhess@drupal.org)

https://www.drupal.org/sa-core-2019-004(mlhess@drupal.org)

https://www.synology.com/security/advisory/Synology_SA_19_13(mlhess@drupal.org)

https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/(af854a3a-2127-422b-91ae-364da2661108)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/(af854a3a-2127-422b-91ae-364da2661108)

https://www.drupal.org/sa-core-2019-004(af854a3a-2127-422b-91ae-364da2661108)

https://www.synology.com/security/advisory/Synology_SA_19_13(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.