Description

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Remediation

References

CVE-2012-1589

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-2644)

Moodle Incorrect Authorization Vulnerability (CVE-2020-25701)

SharePoint CVE-2022-30171 Vulnerability (CVE-2022-30171)

WordPress Plugin Essential Blocks-Page Builder Gutenberg Blocks, Patterns & Templates Multiple PHP Object Injection Vulnerabilities (4.2.0)

WordPress Plugin Fetch Tweets Unspecified Vulnerability (1.3.3.6)

Severity

Medium

Classification

CVE-2012-1589 CWE-20

Tags

Missing Update Known Vulnerabilities