2017-10-18 20:29:00 2017-11-08 16:49:10

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE
Drupal 7.0 Drupal 7.0 alpha1 Drupal 7.0 alpha2 Drupal 7.0 alpha3 Drupal 7.0 alpha4 Drupal 7.0 alpha5 Drupal 7.0 alpha6 Drupal 7.0 alpha7 Drupal 7.0 Beta 1 Drupal 7.0 Beta 2 Drupal 7.0 Beta 3 Drupal 7.0 dev Drupal 7.0 Release Candidate 1 Drupal 7.0 Release Candidate 2 Drupal 7.0 Release Candidate 3 Drupal 7.0 Release Candidate 4 Drupal 7.1 Drupal 7.2 Drupal 7.3 Drupal 7.4 Drupal 7.5 Drupal 7.6 Drupal 7.7 Drupal 7.8 Drupal 7.9 Drupal 7.10 Drupal 7.11 Drupal 7.12 Drupal 7.13 Drupal 7.14 Drupal 7.15 Drupal 7.16 Drupal 7.17 Drupal 7.18 Drupal 7.19 Drupal 7.20 Drupal 7.21 Drupal 7.22 Drupal 7.23 Drupal 7.24 Drupal 7.25 Drupal 7.26 Drupal 7.27 Drupal 7.28 Drupal 7.29 Drupal 7.30 Drupal Drupal 7.31 (not an official CPE) Drupal Drupal 7.32 (not an official CPE) Drupal 7.33 Drupal 7.34 Drupal 7.35 Drupal 7.36 Drupal 7.37 Drupal Drupal 7.38 Drupal Drupal 7.39 (not an official CPE) Drupal Drupal 7.40 (not an official CPE) Jquery update project Jquery update 7.x-2.0 ~~~drupal~~ (not an official CPE) Jquery update project Jquery update 7.x-2.1 ~~~drupal~~ (not an official CPE) Jquery update project Jquery update 7.x-2.2 ~~~drupal~~ (not an official CPE) Jquery update project Jquery update 7.x-2.3 ~~~drupal~~ (not an official CPE) Jquery update project Jquery update 7.x-2.4 ~~~drupal~~ (not an official CPE) Jquery update project Jquery update 7.x-2.5 ~~~drupal~~ (not an official CPE) Jquery update project Jquery update 7.x-2.6 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.0 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.0 Beta1 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.0 Rc1 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.1 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.2 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.3 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.4 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.5 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.6 ~~~drupal~~ (not an official CPE) Labjs project Labjs 7.x-1.7 ~~~drupal~~ (not an official CPE)