Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
CVE-2019-6341
5.4MEDIUM
Summary
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Affected Version(s)
Drupal core < 7.65
Drupal core < 8.6.13
Drupal core < 8.5.14
EPSS Score
65% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database