drupal7: Cross Site Scripting (no CVE, SA-CORE-2019-004)
CVE ID: not yet available
Under certain circumstances the File module/subsystem allows a malicious
user to upload
a file that can trigger a cross-site scripting (XSS) vulnerability.
Solution:
If you are using Drupal 7, update to Drupal 7.65.
Reference:
https://www.drupal.org/sa-core-2019-004
(from redmine: issue id 10144, created on 2019-03-21, closed on 2019-03-25)
- Relations:
- child #10145 (closed)
- child #10146 (closed)
- Changesets:
- Revision c6c599aa by Francesco Colista on 2019-03-22T13:42:10Z:
community/drupal7: security upgrade to 7.65
Ref: https://www.drupal.org/sa-core-2019-004
Fixes #10144