Description
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
Remediation
References
Related Vulnerabilities
axios Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-45857)
Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-7936)
WordPress Plugin Database Backups Cross-Site Request Forgery (1.2.2.6)
WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) Security Bypass (3.0.3)