Back to search
CVE-2017-6932
Published: Mar 1, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
| Vendor | Product | Versions |
|---|---|---|
Drupal.org | Drupal Core | affected 7.x versions before 7.57 |
References
DSA-4123
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20180228 [SECURITY] [DLA 1295-1] drupal7 security update
mailing-list
x_refsource_MLIST
https://www.drupal.org/sa-core-2018-001
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now