Description

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Remediation

References

CVE-2016-9451

Related Vulnerabilities

ReviveAdserver Improper Access Control Vulnerability (CVE-2015-7369)

WordPress Plugin Share This Image Unspecified Vulnerability (1.19)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-2110)

MySQL CVE-2019-2494 Vulnerability (CVE-2019-2494)

Jboss EAP Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212)

Severity

Medium

Classification

CVE-2016-9451 CWE-601 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities