[3.10] drupal7: Cross Site Scripting (no CVE, SA-CORE-2019-004)
CVE ID: not yet available
Under certain circumstances the File module/subsystem allows a malicious
user to upload
a file that can trigger a cross-site scripting (XSS) vulnerability.
Solution:
If you are using Drupal 7, update to Drupal 7.65.
Reference:
https://www.drupal.org/sa-core-2019-004
(from redmine: issue id 10145, created on 2019-03-21, closed on 2019-03-25)
- Relations:
- parent #10144 (closed)