Security advisories: Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2019-004

0 Flares Twitter 0 Facebook 0 Filament.io 0 Flares ×
Project: 
Date: 
2019-March-20
Vulnerability: 
Cross Site Scripting
Description: 

Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Solution: 

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.

Reported By: 
Fixed By: