| Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-6928 | 3.5 |
Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is
|
03-10-2019 - 00:03 | 01-03-2018 - 23:29 | |
| CVE-2017-6927 | 4.3 |
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain() JavaScript function which is used to escape potentially dangerous text before outputting it to HTML (as JavaScript output does not typically go through T
|
22-03-2018 - 17:28 | 01-03-2018 - 23:29 | |
| CVE-2017-6932 | 5.8 |
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick
|
22-03-2018 - 13:53 | 01-03-2018 - 23:29 | |
| CVE-2017-6929 | 4.3 |
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability wa
|
21-03-2018 - 16:54 | 01-03-2018 - 23:29 |