Impact
The vulnerability, an instance of Modification of Assumed-Immutable Data, allows DOM clobbering and link manipulation through the Translate Drupal with GTranslate module. An attacker may craft or inject content that changes the destination of a link or resource reference, so that a user is redirected to a malicious site without being aware of it. This lets the attacker silently redirect users, potentially leading to phishing or malware delivery. The root weakness is classified as CWE-471: the code relies on a data source that was intended to be immutable but can in fact be modified.
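The following is an added example, not code from the module or from this advisory: a defensive sketch of how client-side code can refuse a link destination that injected markup may have shadowed. The function names, the allowlist and the example hosts are hypothetical and constructed for illustration.

```javascript
// Added example (hypothetical names throughout): validate a link target
// before it is written into the page, so a value shadowed by injected
// markup (DOM clobbering) cannot change where the link points.

// Constructed allowlist; a real site would list its own hosts.
const ALLOWED_HOSTS = new Set(["www.example.org", "translate.example.org"]);

function resolveLinkTarget(candidate, baseUrl, fallback) {
  // A clobbered property resolves to a DOM node or collection, never to a
  // primitive string. Implicit string coercion would hide that, so check
  // the type explicitly and refuse everything else.
  if (typeof candidate !== "string" || candidate.length === 0) return fallback;

  let url;
  try {
    url = new URL(candidate, baseUrl); // resolves relative paths as well
  } catch (err) {
    return fallback; // not parseable as a URL
  }

  // Only https links to known hosts, without embedded credentials.
  if (url.protocol !== "https:") return fallback;
  if (url.username !== "" || url.password !== "") return fallback;
  if (!ALLOWED_HOSTS.has(url.hostname)) return fallback;
  return url.href;
}

// Review a batch of candidate targets and report which ones were replaced
// by the fallback, e.g. for logging on the client or in a test suite.
function auditTargets(candidates, baseUrl, fallback) {
  return candidates.map((candidate) => {
    const resolved = resolveLinkTarget(candidate, baseUrl, fallback);
    const accepted =
      typeof candidate === "string" && resolved !== fallback;
    return { accepted, resolved };
  });
}
```

The type check is the part specific to this weakness class; the scheme and host checks limit the damage if a string value is tampered with by other means.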
Affected Systems
The flaw exists in the Translate Drupal with GTranslate module for Drupal, in versions from 0.0.0 up to, but excluding, 3.0.5. Users running any of these versions are vulnerable. The issue is specific to the Drupal ecosystem and does not affect other platforms.
Risk and Exploitability
Exploiting this flaw requires the ability to influence the module's output, typically by injecting crafted content into a page that uses Translate. Users must then be able to view the affected page, so ordinary page views may implicitly serve as the attack vector. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploits. Nevertheless, because the attack can be performed through normal page rendering, the theoretical risk is moderate: it could be carried out by a remote adversary with knowledge of a vulnerable site. Because no EPSS score is available, organizations should treat the risk as uncertain but potentially exploitable.
OpenCVE Enrichment