vulnerability
FreeBSD: VID-57580FCC-1A61-11E8-97E0-00E04C1EA73D (CVE-2017-6927): drupal -- Drupal Core - Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Feb 21, 2018 | Feb 27, 2018 | May 7, 2019 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Feb 21, 2018
Added
Feb 27, 2018
Modified
May 7, 2019
Description
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
Solutions
freebsd-upgrade-package-drupal7freebsd-upgrade-package-drupal8
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.