Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-wm86-w3cf-h6vm

Опубликовано: 14 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 4.7

Описание

Drupal external link injection vulnerability

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

Ссылки

Пакеты

Наименование

drupal/core

composer
Затронутые версииВерсия исправления

>= 7.0, < 7.57

7.57

Наименование

drupal/drupal

composer
Затронутые версииВерсия исправления

>= 7.0, < 7.57

7.57

EPSS

Процентиль: 59%
0.00383
Низкий

4.7 Medium

CVSS3

CVE ID

CVE-2017-6932

Дефекты

CWE-601

Связанные уязвимости

ubuntu логотип

CVE-2017-6932

CVSS3: 4.7
ubuntu
больше 7 лет назад

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

nvd логотип

CVE-2017-6932

CVSS3: 4.7
nvd
больше 7 лет назад

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

debian логотип

CVE-2017-6932

CVSS3: 4.7
debian
больше 7 лет назад

Drupal core 7.x versions before 7.57 has an external link injection vu ...

EPSS

Процентиль: 59%
0.00383
Низкий

4.7 Medium

CVSS3

CVE ID

CVE-2017-6932

Дефекты

CWE-601