WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2016-9451)

Description

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Remediation

References

Related Vulnerabilities

Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)

Zenphoto Improper Privilege Management Vulnerability (CVE-2018-0610)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.17)

WordPress Plugin WP Google Maps Cross-Site Request Forgery (7.11.27)

Python Uncontrolled Search Path Element Vulnerability (CVE-2020-15523)

Severity

Medium

Classification

CVE-2016-9451 CWE-601 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities