{"containers":{"cna":{"affected":[{"product":"Drupal core","vendor":"Drupal","versions":[{"lessThan":"7.65","status":"affected","version":"Drupal 7","versionType":"custom"},{"lessThan":"8.6.13","status":"affected","version":"Drupal 8.6","versionType":"custom"},{"lessThan":"8.5.14","status":"affected","version":"Drupal 8.5","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability."}],"problemTypes":[{"descriptions":[{"description":"Cross Site Scripting","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-05-16T01:06:05.000Z","orgId":"2c85b837-eb8b-40ed-9d74-228c62987387","shortName":"drupal"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.drupal.org/sa-core-2019-004"},{"name":"[debian-lts-announce] 20190401 [SECURITY] [DLA 1746-1] drupal7 security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.synology.com/security/advisory/Synology_SA_19_13"},{"name":"FEDORA-2019-79bd99f9a8","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/"},{"name":"FEDORA-2019-2fbce03df3","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/"},{"name":"FEDORA-2019-35589cfcb5","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/"},{"name":"FEDORA-2019-1d9be4b853","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/"}],"source":{"advisory":"SA-CORE-2019-004","discovery":"UNKNOWN"},"title":"Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004","x_generator":{"engine":"Vulnogram 0.0.5"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@drupal.org","ID":"CVE-2019-6341","STATE":"PUBLIC","TITLE":"Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Drupal core","version":{"version_data":[{"version_affected":"<","version_name":"Drupal 7","version_value":"7.65"},{"version_affected":"<","version_name":"Drupal 8.6","version_value":"8.6.13"},{"version_affected":"<","version_name":"Drupal 8.5","version_value":"8.5.14"}]}}]},"vendor_name":"Drupal"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability."}]},"generator":{"engine":"Vulnogram 0.0.5"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross Site Scripting"}]}]},"references":{"reference_data":[{"name":"https://www.drupal.org/sa-core-2019-004","refsource":"CONFIRM","url":"https://www.drupal.org/sa-core-2019-004"},{"name":"[debian-lts-announce] 20190401 [SECURITY] [DLA 1746-1] drupal7 security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html"},{"name":"https://www.synology.com/security/advisory/Synology_SA_19_13","refsource":"CONFIRM","url":"https://www.synology.com/security/advisory/Synology_SA_19_13"},{"name":"FEDORA-2019-79bd99f9a8","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/"},{"name":"FEDORA-2019-2fbce03df3","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/"},{"name":"FEDORA-2019-35589cfcb5","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/"},{"name":"FEDORA-2019-1d9be4b853","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/"}]},"source":{"advisory":"SA-CORE-2019-004","discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T20:23:20.919Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.drupal.org/sa-core-2019-004"},{"name":"[debian-lts-announce] 20190401 [SECURITY] [DLA 1746-1] drupal7 security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00003.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.synology.com/security/advisory/Synology_SA_19_13"},{"name":"FEDORA-2019-79bd99f9a8","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNTLCBAN6T7WYR5C4TNEYQD65IIR3V4P/"},{"name":"FEDORA-2019-2fbce03df3","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4SVTVIJ33XCFQ6X6XTVMQM3NPLP2WFS/"},{"name":"FEDORA-2019-35589cfcb5","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P4KTET2PTSIS3ZZ4SGBRQEN6CCLV5SYX/"},{"name":"FEDORA-2019-1d9be4b853","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWHF4LALNBZCXMITWWVWKY3PNVYTM3N7/"}]}]},"cveMetadata":{"assignerOrgId":"2c85b837-eb8b-40ed-9d74-228c62987387","assignerShortName":"drupal","cveId":"CVE-2019-6341","datePublished":"2019-03-26T18:04:37.000Z","dateReserved":"2019-01-15T00:00:00.000Z","dateUpdated":"2024-08-04T20:23:20.919Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}