In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting (XSS) vulnerability. Reference: https://www.drupal.org/sa-core-2019-004
Created drupal7 tracking bugs for this issue: Affects: fedora-all [bug 1693079] Created drupal8 tracking bugs for this issue: Affects: fedora-all [bug 1693080]
Created drupal7 tracking bugs for this issue: Affects: epel-all [bug 1693081]
External References: https://www.drupal.org/sa-core-2019-004
All dependent bugs are closed, can this tracking bug be closed as well please?