exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2017-6927

больше 7 лет назад

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.

CVSS3: 6.1

EPSS: Низкий

CVE-2017-6927

больше 7 лет назад

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.

CVSS3: 6.1

EPSS: Низкий

CVE-2017-6927

больше 7 лет назад

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ...

CVSS3: 6.1

EPSS: Низкий

GHSA-585j-5449-mf5m

около 3 лет назад

Drupal cross-site scripting vulnerability

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2017-6927 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.	CVSS3: 6.1	2% Низкий	больше 7 лет назад
CVE-2017-6927 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.	CVSS3: 6.1	2% Низкий	больше 7 лет назад
CVE-2017-6927 Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ...	CVSS3: 6.1	2% Низкий	больше 7 лет назад
GHSA-585j-5449-mf5m Drupal cross-site scripting vulnerability	CVSS3: 6.1	2% Низкий	около 3 лет назад

Уязвимостей на страницу