Decription: Multiple Vulnerabilities had been recently addressed by the Drupal team.
- Inconsistent name for MySQL term access query - information on taxonomy terms might have been disclosed to unprivileged users.
- Incorrect cache context on password reset page - unwanted content on the password reset page
- Confirmation forms allow external URLs to be injected - malicious users could construct a URL to a confirmation form to have users redirected to a 3rd party website after interacting with the confirmation form
- Denial of service via transliterate mechanism - specially crafted URL can cause a denial of service via the transliterate mechanism
- If you use Drupal 7.x, upgrade to Drupal core 7.52
- If you use Drupal 8.x, upgrade to Drupal core 8.2.3