Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-6341 - Vulnerability Database

Drupal

Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-6341

Medium

Reference: CVE-2019-6341

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-6341

Title: Drupal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

In Drupal 7 versions prior to 7.65 Drupal 8.6 versions prior to 8.6.13Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.