First published: Wed Mar 20 2019(Updated: )
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File `module/subsystem` allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Credit: mlhess@drupal.org mlhess@drupal.org mlhess@drupal.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/drupal/core | >=7.0.0<7.65.0>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.5.14>=8.6.0<8.6.13 | |
composer/drupal/drupal | >=7.0.0<7.65.0>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.5.14>=8.6.0<8.6.13 | |
Drupal Drupal | >=7.0<7.65 | |
Drupal Drupal | >=8.5.0<8.5.14 | |
Drupal Drupal | >=8.6.0<8.6.13 | |
Debian Debian Linux | =8.0 | |
Fedoraproject Fedora | =28 | |
Fedoraproject Fedora | =29 | |
composer/drupal/drupal | >=8.6.0<8.6.13 | 8.6.13 |
composer/drupal/drupal | >=8.0.0<8.5.14 | 8.5.14 |
composer/drupal/drupal | >=7.0.0<7.65.0 | 7.65.0 |
composer/drupal/core | >=8.6.0<8.6.13 | 8.6.13 |
composer/drupal/core | >=8.0.0<8.5.14 | 8.5.14 |
composer/drupal/core | >=7.0.0<7.65.0 | 7.65.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.