Vulnerability Description
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 7.0, < 7.57 |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2018/02/msg00030.htmlThird Party Advisory
- https://www.debian.org/security/2018/dsa-4123Third Party Advisory
- https://www.drupal.org/sa-core-2018-001Vendor Advisory
- https://lists.debian.org/debian-lts-announce/2018/02/msg00030.htmlThird Party Advisory
- https://www.debian.org/security/2018/dsa-4123Third Party Advisory
- https://www.drupal.org/sa-core-2018-001Vendor Advisory
FAQ
What is CVE-2017-6932?
CVE-2017-6932 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. Th...
How severe is CVE-2017-6932?
CVE-2017-6932 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6932?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Debian Debian Linux.