Lucene search

K

GoogleOSV:GHSA-WM86-W3CF-H6VM

HistoryMay 14, 2022 - 3:36 a.m.

Drupal external link injection vulnerability

2022-05-1403:36:17

Google

osv.dev

3

drupal

external link

injection

vulnerability

language switcher block

custom modules

contributed modules

attacker

external site

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

50.7%

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

References

github.com/drupal/core

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yaml

lists.debian.org/debian-lts-announce/2018/02/msg00030.html

nvd.nist.gov/vuln/detail/CVE-2017-6932

www.debian.org/security/2018/dsa-4123

www.drupal.org/sa-core-2018-001

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

50.7%

Related for OSV:GHSA-WM86-W3CF-H6VM

cvelist1 nvd1 veracode1 friendsofphp2 cve1 prion1 github1 debiancve1 ubuntucve1 osv3 debian1 nessus4 openvas10 fedora8 freebsd1