Lucene search

GitHub Advisory DatabaseGHSA-WWRM-8947-4M6C

HistoryMay 17, 2022 - 4:56 a.m.

Drupal Open Redirect

2022-05-1704:56:42

CWE-20

CWE-601

GitHub Advisory Database

github.com

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.2%

JSON

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Affected configurations

Vulners

Node

drupaldrupalRange<7.13

CPENameOperatorVersion
drupal/drupallt7.13

CPE	Name	Operator	Version
	drupal/drupal	lt	7.13

References

drupal.org/node/1557938

jvn.jp/en/jp/JVN45898075/index.html

jvndb.jvn.jp/jvndb/JVNDB-2012-000045

github.com/advisories/GHSA-wwrm-8947-4m6c

nvd.nist.gov/vuln/detail/CVE-2012-1589

web.archive.org/web/20120507035905/www.securityfocus.com/bid/53365

web.archive.org/web/20150523060428/www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for GHSA-WWRM-8947-4M6C