PT-2019-18087 · Drupal · Drupal

Sam Thomas · Published 2019-03-20 · Updated 2022-05-24 · CVE-2019-6341

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Drupal versions prior to 7.65
Drupal 8.6 versions prior to 8.6.13
Drupal 8.5 versions prior to 8.5.14

Description

The issue allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability under certain circumstances. This is related to the File module/subsystem.

Recommendations

For Drupal 7 versions prior to 7.65, update to version 7.65 or later.
For Drupal 8.6 versions prior to 8.6.13, update to version 8.6.13 or later.
For Drupal 8.5 versions prior to 8.5.14, update to version 8.5.14 or later.

As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2019-6341
DLA-1746-1
DRUPAL-CORE-2019-004
DSA-4412-1
GHSA-CMMH-8MWP-GQ5P
ZDI-19-291

Affected products

Drupal