Multiple vulnerabilities in the Drupal core
8.4.x-dev 7.x-dev
Description
The security team of Drupal has published two new versions that correct multiple vulnerabilities in versions 7 and 8. Solution Update the Drupal core to the latest version: Drupal 8.4.5 Drupal 7.57
Detail
The main vulnerabilities corrected with these updates are: Any user with permission to post comments can access comments for which they do not have authorization and modify them.
This vulnerability affects version 8 of Drupal. The JavaScript function checkPlain () used to escape possible malicious entries does not correctly handle all HTML injection methods, being able to perform cross-site scripting attacks in certain circumstances. This vulnerability affects version 7 of Drupal.
8.4.x-dev 7.x-dev
Description
The security team of Drupal has published two new versions that correct multiple vulnerabilities in versions 7 and 8. Solution Update the Drupal core to the latest version: Drupal 8.4.5 Drupal 7.57
Detail
The main vulnerabilities corrected with these updates are: Any user with permission to post comments can access comments for which they do not have authorization and modify them.
This vulnerability affects version 8 of Drupal. The JavaScript function checkPlain () used to escape possible malicious entries does not correctly handle all HTML injection methods, being able to perform cross-site scripting attacks in certain circumstances. This vulnerability affects version 7 of Drupal.
Comments
Post a Comment