← Zuruck zu CVEs
CVE-2017-6932
N/ABeschreibung
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht3/1/2018
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
debian:debian_linuxdrupal:drupal
Schwachen (CWE)
CWE-601
Referenzen
https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html(mlhess@drupal.org)
https://www.debian.org/security/2018/dsa-4123(mlhess@drupal.org)
https://www.drupal.org/sa-core-2018-001(mlhess@drupal.org)
https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2018/dsa-4123(af854a3a-2127-422b-91ae-364da2661108)
https://www.drupal.org/sa-core-2018-001(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.