MEDIUM
Drupal
CVE published 2026-05-10
CVE-2022-50957
CVE-2022-50957 is a reflected cross-site scripting (XSS) vulnerability associated with Drupal’s avatar_uploader 7.x-1.0-beta8. According to the NVD record and the referenced VulnCheck disclosure, an unauthenticated attacker can manipulate the file parameter in avatar_uploader.pages.inc to inject script content that executes in a victim’s browser. The issue is rated medium severity (CVSS 5.1) and is user-i [truncated]