Open redirect in Drupal - CVE-2016-9451

 


Published: November 25, 2016 / Updated: August 9, 2020


Vulnerability identifier: #VU40006
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-9451
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Drupal
Affected software: Drupal

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.


How to mitigate CVE-2016-9451

Install the update from the vendor's website.
