Описание
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
EPSS
4.3 Medium
CVSS2