
CVE-2017-6929

Published: 01/03/2018 Updated: 21/03/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A jQuery cross-site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 by the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other, newer versions of jQuery that might be used on the site, for example via the jQuery Update module.

Vulnerable Product

drupal drupal

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #891153 drupal7: CVE-2017-6929: jQuery vulnerability with untrusted domains. Package: src:drupal7; Maintainer for src:drupal7 is Gunnar Wolf <gwolf@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 22 Feb 2018 19:51:01 UTC; Severity: grave; Tags: security, upstream F ...
Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at www.drupal.org/sa-core-2018-001. For the oldstable distribution (jessie), this problem has been fixed in version 7.32-1+deb8u10. For the stable distribution (stretch), this problem has been ...