Description
CRLF injection vulnerability in the drupal_goto function in includes/common.inc Drupal 4.7.x before 4.7.8 and 5.x before 5.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin ECPay Logistics for WooCommerce Cross-Site Scripting (1.2.181030)
WordPress Plugin Remove Yoast SEO comments Unspecified Vulnerability (1.0.4)
WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)