Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-6932)

Description

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

Remediation

References

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-3239)

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831)

Caddy Web Server Authentication Bypass by Spoofing Vulnerability (CVE-2023-50463)

WordPress Plugin FancyBox for WordPress Cross-Site Scripting (3.0.2)

WordPress Plugin Ultimate Membership Pro Cross-Site Request Forgery (8.6.1)

Severity

Medium

Classification

CVE-2017-6932 CWE-601 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities