GHSA-GXWX-C7M8-F95H Drupal Open redirect vulnerability in the drupal_goto function
Open redirect vulnerability in the drupalgoto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter...