FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Drupal Core - Multiple Vulnerabilities

Affected packages
drupal7 < 7.56
drupal8 < 8.4.4

Details

VuXML ID 57580fcc-1a61-11e8-97e0-00e04c1ea73d
Discovery 2018-02-21
Entry 2018-02-25

Drupal Security Team reports:

CVE-2017-6926: Comment reply form allows access to restricted content

CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete

CVE-2017-6928: Private file access bypass - Moderately Critical

CVE-2017-6929: jQuery vulnerability with untrusted domains - Moderately Critical

CVE-2017-6930: Language fallback can be incorrect on multilingual sites with node access restrictions

CVE-2017-6931: Settings Tray access bypass

CVE-2017-6932: External link injection on 404 pages when linking to the current page

References

CVE Name CVE-2017-6926
CVE Name CVE-2017-6927
CVE Name CVE-2017-6928
CVE Name CVE-2017-6929
CVE Name CVE-2017-6930
CVE Name CVE-2017-6931
CVE Name CVE-2017-6932