CVE-2019-6341

Summary

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
DrupalDrupal coreDrupal 7 < 7.65affected
DrupalDrupal coreDrupal 8.6 < 8.6.13affected
DrupalDrupal coreDrupal 8.5 < 8.5.14affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References