File Upload XSS Vulnerability in Drupal 7 and Drupal 8

CVE-2019-6341 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Learn more about our User Device Pen Test.