Drupal Other Vulnerability (CVE-2016-3164)

Description

Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.

Remediation

References

CVE-2016-3164

Related Vulnerabilities

WordPress Plugin Gravity Forms-Clockwork SMS Cross-Site Scripting (2.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1875)

Liferay Portal Excessive Iteration Vulnerability (CVE-2024-25144)

ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)

WordPress Plugin FancyBox for WordPress Security Bypass (3.0.2)

Severity

High

Classification

CVE-2016-3164 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N