Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
Project:
Date:
2019-March-20
Vulnerability:
Cross Site Scripting
CVE IDs:
CVE-2019-6341
Description:
Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability.
Solution:
- If you are using Drupal 8.6, update to Drupal 8.6.13.
- If you are using Drupal 8.5 or earlier, update to Drupal 8.5.14.
- If you are using Drupal 7, update to Drupal 7.65.
Versions of Drupal 8 prior to 8.5.x are end-of-life and do not receive security coverage.
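To check a list of sites against the fixed releases above, here is an added example (not part of the advisory or of Drupal itself). The hostnames are constructed, and the status labels and the `classify` and `audit` names are assumptions made for illustration.

```python
import re

# Fixed release per branch, copied from the advisory's Solution list.
FIXED = {"8.6": (8, 6, 13), "8.5": (8, 5, 14), "7": (7, 65)}

def classify(version):
    """Return the SA-CORE-2019-004 status for one Drupal core version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        return "unknown"              # e.g. dev snapshots: review by hand
    v = tuple(int(p) for p in m.groups() if p is not None)
    if (v[0], len(v)) == (7, 2):      # Drupal 7 uses two-part versions (7.64)
        return "fixed" if v >= FIXED["7"] else "vulnerable"
    if (v[0], len(v)) == (8, 3):      # Drupal 8 uses three-part versions (8.6.12)
        if v[1] < 5:
            return "end-of-life"      # no security coverage per the advisory
        fixed = FIXED.get("%d.%d" % v[:2])
        if fixed is None:
            return "not-covered"      # branch not named in the advisory
        return "fixed" if v >= fixed else "vulnerable"
    if v[0] in (7, 8):
        return "unknown"              # wrong number of parts for this major
    return "not-covered"

def audit(inventory):
    """Return (site, version, status) for every site not confirmed fixed."""
    findings = []
    for site, version in inventory:
        status = classify(version)
        if status != "fixed":
            findings.append((site, version, status))
    return findings

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("intranet.example.org", "8.6.12"),
    ("shop.example.org", "8.6.13"),
    ("legacy.example.org", "7.64"),
    ("archive.example.org", "8.4.8"),
    ("staging.example.org", "8.6.x-dev"),
]

if __name__ == "__main__":
    for site, version, status in audit(SAMPLE):
        print(f"{site}\t{version}\t{status}")
```

Versions are compared as integer tuples, so a release such as 7.100 sorts after 7.65, which a plain string comparison would get wrong.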
Reported By:
Fixed By:
- Alex Pott of the Drupal Security Team
- Lee Rowlands of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
- Neil Drumm of the Drupal Security Team
- Michael Hess of the Drupal Security Team
- David Rothstein of the Drupal Security Team
- Peter Wolanin of the Drupal Security Team