Fluid Attacks Database

Description

Drupal Cross Site Scripting (XSS) vulnerability In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	drupal/core	>=7.0.0 <7.65.0 \|\| >=8.0.0 <8.5.14 \|\| >=8.6.0 <8.6.13	7.65.0, 8.5.14, 8.6.13
packagist	drupal/drupal	>=7.0.0 <7.65.0 \|\| >=8.0.0 <8.5.14 \|\| >=8.6.0 <8.6.13	7.65.0, 8.5.14, 8.6.13

Aliases

1. CVE-2019-63412. NVD-2019-63413. OSV-2019-63414. GCVE-2019-63415. lists.debian.org

References