| Description: | Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. It was discovered that Drupal did not properly protect against open redirects. An attacker could use this vulnerability to send unsuspecting users to 3rd party sites and potentially carry out phishing attacks.
|