Description

Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.

Remediation

References

CVE-2015-3232

Related Vulnerabilities

Oracle Database Server CVE-2013-5858 Vulnerability (CVE-2013-5858)

MySQL CVE-2016-0661 Vulnerability (CVE-2016-0661)

WordPress Plugin WHOIS 'domain' Parameter Cross-Site Scripting (1.4.2.2)

Oracle HTTP Server CVE-2021-2480 Vulnerability (CVE-2021-2480)

WordPress Plugin Simple Download Monitor Multiple Cross-Site Request Forgery Vulnerabilities (3.9.8)

Severity

Medium

Classification

CVE-2015-3232

Tags

Missing Update Known Vulnerabilities