Impact
The vulnerability, an instance of Modification of Assumed-Immutable Data, exposes the Translate Drupal with GTranslate module to DOM clobbering and link manipulation. An attacker may craft or inject content that changes the destination of a link or resource reference, so that the user is redirected to a malicious site without being aware of it. This lets the attacker silently redirect users, potentially leading to phishing or malware delivery. The root weakness is classified as CWE-471, which covers reliance on data that was assumed to be immutable but can in fact be modified.
Affected Systems
The flaw exists in the Translate Drupal with GTranslate module for Drupal, in versions from 0.0.0 up to, but excluding, 3.0.5. Sites running any of these versions are vulnerable. The issue is specific to the Drupal ecosystem and does not affect other platforms.
Risk and Exploitability
Exploiting this flaw requires the ability to influence the module's output, typically by injecting crafted content into a page that uses Translate. The CVSS score of 2.7 indicates low severity. Users must be able to view the affected page, so ordinary page views may serve as an implicit attack vector. The EPSS score of 0.00018 indicates a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploits. Nevertheless, because the attack can be performed through normal page rendering, the theoretical risk is moderate: it could be carried out by a remote adversary with knowledge of a vulnerable site.