Control: clone -1 -2 -3 -4 Control: retitle -1 drupal7: SA-CORE-2018-001: JavaScript cross-site scripting prevention is incomplete Control: retitle -2 drupal7: SA-CORE-2018-001: Private file access bypass Control: retitle -3 drupal7: SA-CORE-2018-001: jQuery vulnerability with untrusted domains Control: retitle -4 drupal7: SA-CORE-2018-001: External link injection on 404 pages when linking to the current page
Hi On Thu, Feb 22, 2018 at 08:46:30PM +0100, Salvatore Bonaccorso wrote: > Source: drupal7 > Version: 7.56-1 > Severity: grave > Tags: security upstream > > Hi > > There was a new Drupal security advisory at > > https://www.drupal.org/sa-core-2018-001 > > where several issues affect as well drupal7. > > * JavaScript cross-site scripting prevention is incomplete - Critical - > Drupal 7 and Drupal 8 > * Private file access bypass - Moderately Critical - Drupal 7 > * jQuery vulnerability with untrusted domains - Moderately Critical > - Drupal 7 > * External link injection on 404 pages when linking to the current page > - Less Critical - Drupal 7 Let's split this up actually in the individual issues affecting Drupal 7 since there are no CVE yet available to identify the issues. Regards, Salvatore
