Vulnerability in Drupal.org Drupal Core
CVE-2017-6932
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacke…
EPSS: 0.004 (60.0th percentile) — read the EPSS interpretation.
Affected products
- Drupal.org Drupal Core — versions 7.x versions before 7.57
References
- DSA-4123 (vendor-advisory, x_refsource_DEBIAN)
- [debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update (mailing-list, x_refsource_MLIST)
- www.drupal.org/sa-core-2018-001 (x_refsource_CONFIRM)