Main Vulnerability Database SB2016112503

SB2016112503 - Open redirect in Drupal

Published: November 25, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016112503

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Description

This security bulletin contains information about 1 security vulnerability.

1) Open redirect (CVE-ID: CVE-2016-9451)

The vulnerability allows a remote authenticated user to manipulate data.

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Install update from vendor's website.