Vigilance.fr - Drupal POST File: Cross Site Scripting via /postfile/upload, analyzed on 13/11/2024

January 2025 by Vigilance.fr

An attacker can trigger a Cross Site Scripting of Drupal POST File, via /postfile/upload, in order to run JavaScript code in the context of the web site.

Plus d'information sur : https://vigilance.fr/vulnerability/Drupal-POST-File-Cross-Site-Scripting-via-postfile-upload-45643