Medium severity4.7NVD Advisory· Published Mar 1, 2018· Updated Jun 17, 2026
CVE-2017-6932
CVE-2017-6932
Description
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 7.0, < 7.57 | 7.57 |
drupal/drupalPackagist | >= 7.0, < 7.57 | 7.57 |
Affected products
3- ghsa-coords2 versions
>= 7.0, < 7.57+ 1 more
- (no CPE)range: >= 7.0, < 7.57
- (no CPE)range: >= 7.0, < 7.57
- Range: 7.x versions before 7.57
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-wm86-w3cf-h6vmghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/02/msg00030.htmlnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-6932ghsaADVISORY
- www.debian.org/security/2018/dsa-4123nvdThird Party AdvisoryWEB
- www.drupal.org/sa-core-2018-001nvdVendor AdvisoryWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2017-6932.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2017-6932.yamlghsaWEB
News mentions
0No linked articles in our index yet.