drupal -- Drupal Core - Multiple Vulnerabilities

ID 57580FCC-1A61-11E8-97E0-00E04C1EA73D
Type freebsd
Reporter FreeBSD
Modified 2018-02-21T00:00:00


Drupal Security Team reports:

CVE-2017-6926: Comment reply form allows access to restricted content CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete CVE-2017-6928: Private file access bypass - Moderately Critical CVE-2017-6929: jQuery vulnerability with untrusted domains - Moderately Critical CVE-2017-6930: Language fallback can be incorrect on multilingual sites with node access restrictions CVE-2017-6931: Settings Tray access bypass CVE-2017-6932: External link injection on 404 pages when linking to the current page