CVE-2019-6341

CWE-79Cross-site Scripting (XSS)11 documents6 sources
Severity
5.4MEDIUM
EPSS
46.5%
top 2.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Drupal Drupal CoreDrupal DrupalDrupal Core+2 more
Timeline
PublishedMar 26
Latest updateMay 24

Description

In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

Packagistdrupal/core7.0.07.65.0+2
NVDdrupal/drupal7.07.65+2
Packagistdrupal/drupal7.0.07.65.0+2
CVEListV5drupal/drupal_coreDrupal 77.65+2

Also affects: Debian Linux 8.0, Fedora 28, 29

Patches

Patch: www.drupal.orgPatch: www.drupal.org

🔴Vulnerability Details

5
GHSA
Drupal Cross Site Scripting (XSS) vulnerability2022-05-24
OSV
Drupal Cross Site Scripting (XSS) vulnerability2022-05-24
OSV
CVE-2019-6341: In Drupal 7 versions prior to 72019-03-26
CVEList
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-0042019-03-26
OSV
CVE-2019-6341: Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerabi2019-03-20

📋Vendor Advisories

1
Drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-0042019-03-20

💬Community

4
Bugzilla
CVE-2019-6341 drupal7: cross-site scripting vulnerability in module/subsystem [epel-all]2019-03-27
Bugzilla
CVE-2019-6341 drupal7: cross-site scripting vulnerability in module/subsystem [fedora-all]2019-03-27
Bugzilla
CVE-2019-6341 drupal7: cross-site scripting vulnerability in module/subsystem2019-03-27
Bugzilla
CVE-2019-6341 drupal8: drupal7: cross-site scripting vulnerability in module/subsystem [fedora-all]2019-03-27
CVE-2019-6341 (MEDIUM CVSS 5.4) | In Drupal 7 versions prior to 7.65 | cvebase.io