CVE-2017-6929 — Cross-site Scripting in Drupal
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 30.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 1
Latest updateMay 14
Description
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that mig…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages4 packages
Also affects: Debian Linux 7.0, 8.0, 9.0
🔴Vulnerability Details
4📋Vendor Advisories
1💬Community
4Bugzilla▶
CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001)↗2018-02-23
Bugzilla▶
CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal8: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]↗2018-02-23
Bugzilla▶
CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [epel-all]↗2018-02-23
Bugzilla▶
CVE-2017-6926 CVE-2017-6927 CVE-2017-6928 CVE-2017-6929 CVE-2017-6930 CVE-2017-6931 CVE-2017-6932 drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5 (SA-CORE-2018-001) [fedora-all]↗2018-02-23