10 matches found
DRUPAL-CONTRIB-2026-030
This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery (CSRF), allowing the logout route to be triggered without user interaction...
PT-2026-26218
Name of the Vulnerable Software and Affected Versions: Drupal Automated Logout versions 0.0.0 through 1.6.9; Drupal Automated Logout versions 2.0.0 through 2.0.1. Description: The Automated Logout module for Drupal does not adequately protect its routes against Cross-Site Request Forgery (CSRF). This...
Open Redirect
Flarum is vulnerable to Open Redirect. The vulnerability is caused by a lack of proper sanitization in the handling of the redirect parameters within the /logout route. This allows an attacker to craft a URL with a malicious redirect parameter...
CVE-2024-21641
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout must be...
CVE-2024-21641 Flarum's Logout Route allows open redirects
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout must be...
CVE-2024-21641 Flarum's Logout Route allows open redirects
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout must be...
GHSA-733R-8XCP-W9MR Flarum's logout Route allows open redirects
Impact: The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. Sample: example.com/logout?return=https://google.com. For logged-in users, the logout must be confirmed. Guests are...
Flarum's logout Route allows open redirects
Impact: The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. Sample: example.com/logout?return=https://google.com. For logged-in users, the logout must be confirmed. Guests are...
Flarum Input Validation Error Vulnerability
Flarum is an open source forum system for the Flarum community. An input validation error vulnerability exists in Flarum versions prior to 1.8.5, which stems from the logout route containing a redirection parameter that allows any third party to redirect users from a trusted domain to any link...
PT-2024-18991 · Flarum · Flarum
Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.5 Description: The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout mus...