VDB
CVE-2019-6341
CVE-2019-6341
PUBLISHED
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
EPSS 47.08% · 97.7th percentile
Risk Scores
EPSS Score
47.08%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:14.04:LTS | drupal7 | 0, 7.23-1, 7.24-1 |
| Ubuntu:Pro:16.04:LTS | drupal7 | 0, 7.38-1, 7.41-1 |
Timeline
- Mar 20, 2019 CVE Published
- May 16, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 5, 2023 EPSS Score
- Jun 5, 2023 EPSS Score
- Aug 7, 2023 EPSS Score
- Oct 20, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-6341 third-party-advisory
- https://www.drupal.org/SA-CORE-2019-004 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-6341 third-party-advisory