What is the severity of CVE-2019-6341?

CVE-2019-6341 has been rated as a moderate severity vulnerability.

How do I fix CVE-2019-6341?

To fix CVE-2019-6341, upgrade Drupal to version 7.65, 8.5.14, or 8.6.13 or later.

What systems are affected by CVE-2019-6341?

CVE-2019-6341 affects Drupal 7 versions prior to 7.65, Drupal 8.5 versions prior to 8.5.14, and Drupal 8.6 versions prior to 8.6.13.

Can CVE-2019-6341 lead to data compromise?

Yes, CVE-2019-6341 can allow an attacker to upload malicious files leading to potential data compromise.

What type of vulnerability is CVE-2019-6341?

CVE-2019-6341 is a cross-site scripting (XSS) vulnerability that can be exploited under certain conditions.

Vulnerability/
CVE-2019-6341

medium

5.4

CWE

20/3/2019

26/3/2019

21/11/2024

CVE-2019-6341: Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004

First published: Wed Mar 20 2019(Updated: )

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Credit: mlhess@drupal.org mlhess@drupal.org mlhess@drupal.org

Affected Software	Affected Version	How to fix
composer/drupal/core	>=7.0.0<7.65.0>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.5.14>=8.6.0<8.6.13
composer/drupal/drupal	>=7.0.0<7.65.0>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.5.14>=8.6.0<8.6.13
composer/drupal/drupal	>=8.6.0<8.6.13	8.6.13
composer/drupal/drupal	>=8.0.0<8.5.14	8.5.14
composer/drupal/drupal	>=7.0.0<7.65.0	7.65.0
composer/drupal/core	>=8.6.0<8.6.13	8.6.13
composer/drupal/core	>=8.0.0<8.5.14	8.5.14
composer/drupal/core	>=7.0.0<7.65.0	7.65.0
Drupal	>=7.0<7.65
Drupal	>=8.5.0<8.5.14
Drupal	>=8.6.0<8.6.13
Debian	=8.0
Fedora	=28
Fedora	=29

Remedy

https://www.drupal.org/sa-core-2019-004

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-6341?
CVE-2019-6341 has been rated as a moderate severity vulnerability.
How do I fix CVE-2019-6341?
To fix CVE-2019-6341, upgrade Drupal to version 7.65, 8.5.14, or 8.6.13 or later.
What systems are affected by CVE-2019-6341?
CVE-2019-6341 affects Drupal 7 versions prior to 7.65, Drupal 8.5 versions prior to 8.5.14, and Drupal 8.6 versions prior to 8.6.13.
Can CVE-2019-6341 lead to data compromise?
Yes, CVE-2019-6341 can allow an attacker to upload malicious files leading to potential data compromise.
What type of vulnerability is CVE-2019-6341?
CVE-2019-6341 is a cross-site scripting (XSS) vulnerability that can be exploited under certain conditions.

collector/friends-of-php
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-cmmh-8mwp-gq5p
alias/CVE-2019-6341
agent/software-canonical-lookup
agent/remedy
agent/references
agent/severity
agent/weakness
agent/description
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/title
agent/author
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
collector/nvd-index
package-manager/composer
vendor/drupal
canonical/drupal
version/drupal/7.0
version/drupal/8.5.0
version/drupal/8.6.0
vendor/debian
canonical/debian
version/debian/8.0
vendor/fedoraproject
canonical/fedora
version/fedora/28
version/fedora/29