In Drupal 7 versions before 7.65; Drupal 8.6 versions before 8.6.13;Drupal 8.5 versions before 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal drupal |
||
debian debian linux 8.0 |
||
fedoraproject fedora 28 |
||
fedoraproject fedora 29 |