CVE-2016-9451

Description

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Affected packages (1)

• Packagist/drupal/core>= 7.0, < 7.52

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-9451
• PATCHhttps://github.com/drupal/core
• WEBhttps://www.drupal.org/SA-CORE-2016-005
• WEBhttp://www.debian.org/security/2016/dsa-3718
• WEBhttp://www.securityfocus.com/bid/94367