5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.004 Low
EPSS
Percentile
72.9%
Drupal is a content management system (CMS). Drupal’s Form API fails to validate the redirect URL, which may lead to unintended information disclosure.
A remote attacker may change the redirect URL of a form. As a result, information such as authentication credentials may be disclosed.
Update the software
Update to the latest version of Drupal core according to the information provided by the developer.