Drupal is vulnerable to open redirects. A malicious user can inject a malicious link to the application through the language switcher, which can then be used to cause open redirects.
CPE | Name | Operator | Version |
---|---|---|---|
drupal/drupal | le | 8.4.4 | |
drupal/core | le | 8.4.4 |