Description

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Remediation

References

CVE-2012-1589

Related Vulnerabilities

Serendipity Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-6242)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-23839)

WordPress Plugin Search Unleashed 'Log' Function HTML Injection (0.2.10)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1564)

Jboss EAP CVE-2022-2764 Vulnerability (CVE-2022-2764)

Severity

Medium

Classification

CVE-2012-1589 CWE-20

Tags

Missing Update Known Vulnerabilities