Description
In Drupal 7 versions prior to 7.65, Drupal 8.6 versions prior to 8.6.13, and Drupal 8.5 versions prior to 8.5.14, the File module/subsystem under certain circumstances allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Remediation
References