CVE-2016-9451
MEDIUMDrupal < 7.52 - Open Redirect
Title source: ruleDescription
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
Scores
CVSS v3
6.8
EPSS
0.0012
EPSS Percentile
30.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Classification
CWE
CWE-601
Status
published
Affected Products (50)
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
drupal/drupal
... and 35 more
Timeline
Published
Nov 25, 2016
Tracked Since
Feb 18, 2026