Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
debian_linux | eq | 7.0 | |
drupal | eq | 8.0.0 alpha9 | |
drupal | eq | 7.0 alpha5 | |
drupal | eq | 7.0 dev | |
drupal | eq | 7.0 alpha7 | |
drupal | eq | 6.0 beta2 | |
drupal | eq | 6.33 | |
drupal | eq | 7.40 | |
drupal | eq | 8.0.0 beta12 |