FreeBSD: VID-C5EC57A9-9C2B-11EA-82B8-4C72B94353B5: drupal -- Multiple Vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | May 20, 2020 | May 23, 2020 | Feb 19, 2025 |
Description
Drupal Security Team reports:
The jQuery project released version 3.5.0, and as part of that,
disclosed two security vulnerabilities that affect all prior versions.
As mentioned in the jQuery blog, both are: ... Security issues in
jQuery's DOM manipulation methods, as in .html(), .append(), and the others.
Security advisories for both of these issues have been published on GitHub.
Drupal 7 has an Open Redirect vulnerability.
For example, a user could be tricked into visiting a specially crafted link
which would redirect them to an arbitrary external URL. The vulnerability is
caused by insufficient validation of the destination query parameter in the
drupal_goto() function.
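
The kind of destination check whose absence the report describes, shown as an added example in PHP; it is not Drupal's code or its patch. The function name `is_safe_local_destination()` and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not part of Drupal core.
// Returns true only when a redirect destination stays on the current site.
function is_safe_local_destination(string $dest): bool
{
    // Reject empty values and control characters: browsers strip tabs and
    // newlines from URLs, so "/<TAB>/host" is read as "//host".
    if ($dest === '' || preg_match('/[\x00-\x1F\x7F]/', $dest)) {
        return false;
    }
    // Browsers treat "\" like "/", so normalise before checking prefixes.
    $normalised = str_replace('\\', '/', $dest);
    // A leading "//" is a protocol-relative URL and leaves the site.
    if (strpos($normalised, '//') === 0) {
        return false;
    }
    // A colon before the first "/", "?" or "#" means the value carries a
    // scheme (https:, mailto:, ...). Treat every such value as external.
    if (preg_match('~^[^/?#]*:~', $normalised)) {
        return false;
    }
    return true;
}

// Constructed sample destinations mapped to the verdict the check should give.
$samples = [
    'node/42'                       => true,
    '/admin/content?page=2'         => true,
    'node/1?ref=https://a.example'  => true,  // colon only inside the query
    'https://example.org/login'     => false,
    '//example.org/login'           => false,
    '/\\example.org/login'          => false, // backslash variant of "//"
    "/\t/example.org/login"         => false, // tab stripped by browsers
];

foreach ($samples as $dest => $expected) {
    $actual = is_safe_local_destination($dest);
    printf(
        "%-32s %-8s %s\n",
        json_encode($dest),
        $actual ? 'local' : 'external',
        $actual === $expected ? 'ok' : 'MISMATCH'
    );
}
```

A caller would fall back to a fixed internal path, such as the front page, whenever the check returns false, rather than redirecting to the supplied value.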