Vulnerability in Drupal.org Drupal Core

CVE-2017-6929

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulne…

EPSS: 0.006 (70.0th percentile) — read the EPSS interpretation.

Affected products

Drupal.org Drupal Core — versions 7.x versions before 7.57

References

DSA-4123 (vendor-advisory, x_refsource_DEBIAN)
[debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update (mailing-list, x_refsource_MLIST)
www.drupal.org/sa-core-2018-001 (x_refsource_CONFIRM)