CVE-2013-6389
HIGH7.5EPSS 0.25%Drupal has open redirect vulnerability in the Overlay module
Published: 5/17/2022Modified: 10/30/2024
Also known as:GHSA-hxg2-5c8p-ppwm
Description
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Affected packages (1)
- Packagist/drupal/drupal>= 7.0, < 7.24
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-6389
- PATCHhttps://github.com/drupal/drupal
- WEBhttps://drupal.org/SA-CORE-2013-003
- WEBhttps://github.com/drupal/drupal/commit/782d1155c62c0a879bf587c7e40c3a13bcf6879c
- WEBhttp://www.debian.org/security/2013/dsa-2804
- WEBhttp://www.openwall.com/lists/oss-security/2013/11/22/4