Description
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-30159 Vulnerability (CVE-2022-30159)
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)
MySQL CVE-2021-2061 Vulnerability (CVE-2021-2061)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8109)
WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5)