2 matches found
PT-2024-40513 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal version 7 Description: The issue is caused by insufficient validation of the destination query parameter in the drupal_goto function, allowing for an Open Redirect. This could trick users into visiting a specially crafted link that...
Drupal Core double-encoded 'destination' parameter open redirect vulnerability
Drupal is a free and open source content management system developed in PHP. An open redirection vulnerability exists in the Drupal Core double encoding of the 'destination' parameter. The Drupal 6 'drupal_goto' function fails to correctly decode the content of $_REQUEST['destination'] when used,...