CVE-2017-6927 -- drupal7
ID: oval:org.secpod.oval:def:1900445 | Date: (C)2019-02-28 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain JavaScript function, which is used to escape potentially dangerous text before outputting it to HTML. This function does not correctly handle all methods of injecting malicious HTML, leading to a cross-site scripting vulnerability under certain circumstances. The PHP functions which Drupal provides for HTML escaping are not affected.
Platform: |
Ubuntu 16.04 |
Ubuntu 14.04 |