Published: 18/10/2017 Updated: 08/11/2017

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Open redirect vulnerability in the Overlay module in Drupal 7.x prior to 7.41, the jQuery Update module 7.x-2.x prior to 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x prior to 7.x-1.8 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.

Vulnerable Product	Search on Vulmon	Subscribe to Product
labjs project labjs 7.x-1.0
jquery update project jquery update 7.x-2.3
jquery update project jquery update 7.x-2.4
jquery update project jquery update 7.x-2.5
jquery update project jquery update 7.x-2.6
drupal drupal 7.0
drupal drupal 7.1
drupal drupal 7.15
drupal drupal 7.16
drupal drupal 7.17
drupal drupal 7.18
drupal drupal 7.31
labjs project labjs 7.x-1.2
labjs project labjs 7.x-1.7
jquery update project jquery update 7.x-2.1
drupal drupal 7.2
drupal drupal 7.4
drupal drupal 7.11
drupal drupal 7.13
drupal drupal 7.20
drupal drupal 7.22
drupal drupal 7.27
drupal drupal 7.29
drupal drupal 7.36
drupal drupal 7.38
labjs project labjs 7.x-1.3
labjs project labjs 7.x-1.4
labjs project labjs 7.x-1.5
labjs project labjs 7.x-1.6
drupal drupal 7.6
drupal drupal 7.7
drupal drupal 7.8
drupal drupal 7.9
drupal drupal 7.23
drupal drupal 7.24
drupal drupal 7.25
drupal drupal 7.26
drupal drupal 7.40
drupal drupal 7.32
drupal drupal 7.33
drupal drupal 7.34
drupal drupal 7.35
labjs project labjs 7.x-1.1
jquery update project jquery update 7.x-2.0
jquery update project jquery update 7.x-2.2
drupal drupal 7.3
drupal drupal 7.5
drupal drupal 7.10
drupal drupal 7.12
drupal drupal 7.14
drupal drupal 7.19
drupal drupal 7.21
drupal drupal 7.28
drupal drupal 7.30
drupal drupal 7.37
drupal drupal 7.39

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-7943 Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading t ...

CWE-601 https://www.drupal.org/node/2598434 https://www.drupal.org/node/2598426 https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical http://www.securityfocus.com/bid/77293 http://www.debian.org/security/2017/dsa-3897 https://www.debian.org/security/./dsa-3897 https://nvd.nist.gov

CVE-2015-7943

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect