CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6927
https://notcve.org/view.php?id=CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through Twig autoescaping). This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected. Las versiones 8.4.x de Drupal anteriores a la 8.4.5 y las versiones 7.x anteriores a la 7.57 tienen una función de JavaScript Drupal.checkPlain() que se emplea para escapar texto potencialmente peligroso antes de extraerlo como HTML (ya que la exportación JavaScript no suele pasar un proceso de autoescape Twig). Esta función no gestiona adecuadamente todos los métodos de inyección de HTML malicioso, lo que conduce a una vulnerabilidad de Cross-Site Scripting (XSS) en ciertas circunstancias. • http://www.securityfocus.com/bid/103138 https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html https://www.debian.org/security/2018/dsa-4123 https://www.drupal.org/sa-core-2018-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6928
https://notcve.org/view.php?id=CVE-2017-6928
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access to the file and another is trying to deny it, leading to an access bypass vulnerability. This vulnerability is mitigated by the fact that it only occurs for unusual site configurations. Las versiones 7.x de Drupal core anteriores a la 7.57, cuando emplean el sistema de archivos privado de Drupal, comprobarán si un usuario tiene acceso a un archivo antes de permitirle verlo o descargarlo. Esta comprobación fracasa en ciertos casos en los que un módulo intenta otorgar acceso al archivo y otro intenta denegarlo, lo que conduce a una vulnerabilidad de omisión de acceso. • https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html https://www.debian.org/security/2018/dsa-4123 https://www.drupal.org/sa-core-2018-001 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-6929
https://notcve.org/view.php?id=CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module. Hay una vulnerabilidad de Cross-Site Scripting (XSS) jQuery cuando se realizan peticiones Ajax a dominios no fiables. • https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html https://www.debian.org/security/2018/dsa-4123 https://www.drupal.org/sa-core-2018-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6932
https://notcve.org/view.php?id=CVE-2017-6932
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site. Las versiones 7.x de Drupal core anteriores a la 7.57 tienen una vulnerabilidad de inyección de enlaces externos cuando se emplea el bloque de cambio de lenguaje. Existe una vulnerabilidad similar en varios módulos personalizados y contribuidos. • https://lists.debian.org/debian-lts-announce/2018/02/msg00030.html https://www.debian.org/security/2018/dsa-4123 https://www.drupal.org/sa-core-2018-001 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0CVE-2015-7943
https://notcve.org/view.php?id=CVE-2015-7943
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. Vulnerabilidad de redirección abierta en el módulo Overlay en Drupal 7.x anterior a 7.41, el módulo jQuery Update 7.x-2.x anterior a 7.x-2.7 para Drupal, y el módulo LABjs 7.x-1.x anterior a 7.x-1.8 permite que atacantes remotos redirijan usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante vectores sin especificar. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-3233. • http://www.debian.org/security/2017/dsa-3897 http://www.securityfocus.com/bid/77293 https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical https://www.drupal.org/node/2598426 https://www.drupal.org/node/2598434 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •