2019-03-26 19:29:01 2019-05-16 04:29:00

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE_INSTANCE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Drupal Drupal 8.6.0 Beta2 (not an official CPE) Drupal Drupal 8.6.0 Beta1 (not an official CPE) Drupal Drupal 8.6.0 Alpha1 (not an official CPE) Drupal Drupal 8.6.0 - (not an official CPE) Drupal Drupal 8.6.0 (not an official CPE) Drupal Drupal 8.5.13 (not an official CPE) Drupal Drupal 8.5.12 (not an official CPE) Drupal Drupal 8.5.11 (not an official CPE) Drupal Drupal 8.5.10 (not an official CPE) Drupal Drupal 8.5.9 (not an official CPE) Drupal Drupal 8.5.8 (not an official CPE) Drupal Drupal 8.5.7 (not an official CPE) Drupal Drupal 8.5.6 (not an official CPE) Drupal Drupal 8.5.5 (not an official CPE) Drupal Drupal 8.5.4 (not an official CPE) Drupal Drupal 8.5.3 (not an official CPE) Drupal Drupal 8.5.2 (not an official CPE) Drupal Drupal 8.5.1 (not an official CPE) Drupal Drupal 8.5.0 Rc1 (not an official CPE) Drupal Drupal 8.5.0 Beta1 (not an official CPE) Drupal Drupal 8.5.0 Alpha1 (not an official CPE) Drupal Drupal 8.5.0 - (not an official CPE) Drupal Drupal 8.5.0 (not an official CPE) Drupal Drupal 7.64 (not an official CPE) Drupal Drupal 7.63 (not an official CPE) Drupal Drupal 7.62 (not an official CPE) Drupal Drupal 7.61 (not an official CPE) Drupal Drupal 7.60 (not an official CPE) Drupal Drupal 7.59 (not an official CPE) Drupal Drupal 7.58 (not an official CPE) Drupal Drupal 7.57 (not an official CPE) Drupal Drupal 7.56 (not an official CPE) Drupal Drupal 7.55 (not an official CPE) Drupal Drupal 7.54 (not an official CPE) Drupal Drupal 7.53 (not an official CPE) Drupal Drupal 7.52 (not an official CPE) Drupal Drupal 7.51 (not an official CPE) Drupal Drupal 7.50 (not an official CPE) Drupal Drupal 7.44 (not an official CPE) Drupal Drupal 7.43 (not an official CPE) Drupal Drupal 7.42 (not an official CPE) Drupal Drupal 7.41 (not an official CPE) Drupal Drupal 7.40 (not an official CPE) Drupal Drupal 7.39 (not an official CPE) Drupal Drupal 7.38 Drupal 7.37 Drupal 7.36 Drupal 7.35 Drupal 7.34 Drupal 7.33 Drupal Drupal 7.32 (not an official CPE) Drupal Drupal 7.31 (not an official CPE) Drupal 7.30 Drupal 7.29 Drupal 7.28 Drupal 7.27 Drupal 7.26 Drupal 7.25 Drupal 7.24 Drupal 7.23 Drupal 7.22 Drupal 7.21 Drupal 7.20 Drupal 7.19 Drupal 7.18 Drupal 7.17 Drupal 7.16 Drupal 7.15 Drupal 7.14 Drupal 7.13 Drupal 7.12 Drupal 7.11 Drupal 7.10 Drupal 7.9 Drupal 7.8 Drupal 7.7 Drupal 7.6 Drupal 7.5 Drupal 7.4 Drupal 7.3 Drupal 7.2 Drupal 7.1 Drupal 7.0 Release Candidate 4 Drupal 7.0 Release Candidate 3 Drupal 7.0 Release Candidate 1 Drupal 7.0 Release Candidate 2 Drupal 7.0 dev Drupal 7.0 Beta 3 Drupal 7.0 Beta 2 Drupal 7.0 Beta 1 Drupal 7.0 alpha7 Drupal 7.0 alpha6 Drupal 7.0 alpha5 Drupal 7.0 alpha4 Drupal 7.0 alpha3 Drupal 7.0 alpha2 Drupal 7.0 alpha1 Drupal 7.0 Drupal Drupal 8.6.0 Rc1 (not an official CPE) Drupal Drupal 8.6.1 (not an official CPE) Drupal Drupal 8.6.2 (not an official CPE) Drupal Drupal 8.6.3 (not an official CPE) Drupal Drupal 8.6.4 (not an official CPE) Drupal Drupal 8.6.5 (not an official CPE) Drupal Drupal 8.6.6 (not an official CPE) Drupal Drupal 8.6.7 (not an official CPE) Drupal Drupal 8.6.8 (not an official CPE) Drupal Drupal 8.6.9 (not an official CPE) Drupal Drupal 8.6.10 (not an official CPE) Drupal Drupal 8.6.11 (not an official CPE) Drupal Drupal 8.6.12 (not an official CPE)