CVE-2013-6389

Drupal 7.x < 7.24 - Open Redirect via Overlay Module

Title source: llm

Description

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/11/22/4

Patch, Vendor Advisory x_refsource_confirm

https://drupal.org/SA-CORE-2013-003

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2013/dsa-2804

Scores

EPSS 0.0025

EPSS Percentile 48.5%

Details

CWE

CWE-20

Status published

Products (26)

drupal/drupal 7.0 (16 CPE variants)

drupal/drupal 7.1

drupal/drupal 7.2

drupal/drupal 7.3

drupal/drupal 7.4

drupal/drupal 7.5

drupal/drupal 7.6

drupal/drupal 7.7

drupal/drupal 7.8

drupal/drupal 7.9

... and 16 more

Published Dec 07, 2013

Tracked Since Feb 18, 2026