Description

Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.

Remediation

References

CVE-2020-13662

Related Vulnerabilities

phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2960)

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions Security Bypass (2.3.2)

WordPress Plugin Mailster-Email Newsletter for WordPress Cross-Site Scripting (2.4.5.1)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP PHP Object Injection (4.67.8)

Severity

Medium

Classification

CVE-2020-13662 CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities