← back
CVE-2017-6929

CVE-2017-6929

EPSS 1.3%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
01 Mar 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal core upgrade to jQuery 3. For Drupal 7, it is fixed in the current release (Drupal 7.57) for jQuery 1.4.4 (the version that ships with Drupal 7 core) as well as for other newer versions of jQuery that might be used on the site, for example using the jQuery Update module.
Affected products
Drupal.org · Drupal Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2018/02/msg00030.htmlhttps://www.debian.org/security/2018/dsa-4123https://www.drupal.org/sa-core-2018-001