Description
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References (14)
Core 14
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161265.html
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2507741
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75284
Various Sources x_refsource_misc
https://www.drupal.org/node/2507735
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3291
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75279
Vendor Advisory x_refsource_confirm
https://www.drupal.org/SA-CORE-2015-002
Patch x_refsource_confirm
https://www.drupal.org/node/2507535
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75280
Patch x_refsource_confirm
https://www.drupal.org/node/2507561
Patch x_refsource_confirm
https://www.drupal.org/node/2507555
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/04/4
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2507729
Scores
EPSS
0.0494
EPSS Percentile
89.7%
Details
Status
published
Products (35)
drupal/drupal
7.0 (16 CPE variants)
drupal/drupal
7.1
drupal/drupal
7.2
drupal/drupal
7.3
drupal/drupal
7.4
drupal/drupal
7.5
drupal/drupal
7.6
drupal/drupal
7.7
drupal/drupal
7.8
drupal/drupal
7.9
... and 25 more
Published
Jun 22, 2015
Tracked Since
Feb 18, 2026