Description

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.

Remediation

References

CVE-2015-2750

Related Vulnerabilities

WordPress Plugin Ticketrilla:Client PHP Object Injection (1.0.1)

WordPress Plugin WP Visitor Statistics (Real Time Traffic) SQL Injection (6.8.1)

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2049)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5241)

Severity

Medium

Classification

CVE-2015-2750 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities