Drupal Core – Cross Site Scripting

March 21, 2019 Duncan 2318 Views 0 Comments Drupel, SA-CORE-2019-004, XSS 0 min read

Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.

Drupel security ID – SA-CORE-2019-004

Solution:

If you are using Drupal 8.6, update to Drupal 8.6.13.
If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.
If you are using Drupal 7, update to Drupal 7.65.

Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.Reported By:

Zero Day Initiative

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Drupal Core – Cross Site Scripting

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Duncan

Leave a ReplyCancel reply