Description
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
Remediation
References
Related Vulnerabilities
WordPress Incorrect Authorization Vulnerability (CVE-2018-20147)
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639)
Oracle HTTP Server Missing Authorization Vulnerability (CVE-2025-21498)
WordPress Plugin Essential Content Types Security Bypass (1.4)
WordPress Plugin Side Cart Woocommerce (Ajax) Cross-Site Request Forgery (2.0)