CVE-2012-1589
Drupal 7.x < 7.13 - Open Redirect via Form API Destination URL
Title source: llmDescription
Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81679
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53365
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN45898075/index.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49012
Vendor Advisory x_refsource_confirm
http://drupal.org/node/1557938
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045
Scores
EPSS
0.0036
EPSS Percentile
58.5%
Details
CWE
CWE-20
Status
published
Products (15)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 5 more
Published
May 18, 2012
Tracked Since
Feb 18, 2026