Vulnerability in Drupal.org Drupal Core
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain() JavaScript function that is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically g…
EPSS: 0.014 (80.7th percentile)
Affected products
- Drupal.org Drupal Core — 8.4.x versions before 8.4.5 and 7.x versions before 7.57
References
- DSA-4123 (vendor-advisory, x_refsource_DEBIAN)
- [debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update (mailing-list, x_refsource_MLIST)
- 103138 (vdb-entry, x_refsource_BID)
- www.drupal.org/sa-core-2018-001 (x_refsource_CONFIRM)