Description
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.23)
MySQL CVE-2016-0597 Vulnerability (CVE-2016-0597)
WordPress Plugin dsSearchAgent:WordPress Edition Cross-Site Scripting (1.0-beta10)
WordPress 3.9.x Same Origin Method Execution (SOME) Vulnerability (3.9 - 3.9.11)
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)