CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
76.4%
Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
Vendor | Product | Version | CPE |
---|---|---|---|
bryce_hamrick | janrain_capture | 6.x-1.0 | cpe:2.3:a:bryce_hamrick:janrain_capture:6.x-1.0:*:*:*:*:*:*:* |
bryce_hamrick | janrain_capture | 7.x-1.0 | cpe:2.3:a:bryce_hamrick:janrain_capture:7.x-1.0:*:*:*:*:*:*:* |
drupal | drupal | - | cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:* |