CVE-2015-7943

Low

Low Medium High Critical

CVSS Score

Published: Oct 18, 2017

Last Modified: Apr 20, 2025

Vulnerability Description

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.

Known Affected Software

56 configuration(s) from 3 vendor(s)

drupal

Version:

7.38

CPE:

cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*

drupal

Version:

7.26

CPE:

cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*

drupal

Version:

7.9

CPE:

cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*

drupal

Version:

7.5

CPE:

cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*

drupal

Version:

7.3

CPE:

cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*

drupal

Version:

7.32

CPE:

cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*

drupal

Version:

7.24

CPE:

cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*

drupal

Version:

7.4

CPE:

cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*

drupal

Version:

7.11

CPE:

cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*

drupal

Version:

7.0

CPE:

cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*

drupal

Version:

7.21

CPE:

cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*

drupal

Version:

7.27

CPE:

cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*

drupal

Version:

7.23

CPE:

cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*

drupal

Version:

7.35

CPE:

cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*

drupal

Version:

7.8

CPE:

cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*

drupal

Version:

7.7

CPE:

cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*

drupal

Version:

7.36

CPE:

cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*

drupal

Version:

7.10

CPE:

cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*

drupal

Version:

7.33

CPE:

cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*

drupal

Version:

7.2

CPE:

cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*

drupal

Version:

7.39

CPE:

cpe:2.3:a:drupal:drupal:7.39:*:*:*:*:*:*:*

drupal

Version:

7.29

CPE:

cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*

drupal

Version:

7.15

CPE:

cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*

drupal

Version:

7.22

CPE:

cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*

drupal

Version:

7.25

CPE:

cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*

drupal

Version:

7.34

CPE:

cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*

drupal

Version:

7.28

CPE:

cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*

drupal

Version:

7.16

CPE:

cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*

drupal

Version:

7.1

CPE:

cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*

drupal

Version:

7.30

CPE:

cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*

drupal

Version:

7.13

CPE:

cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*

drupal

Version:

7.14

CPE:

cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*

drupal

Version:

7.31

CPE:

cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*

drupal

Version:

7.37

CPE:

cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*

drupal

Version:

7.17

CPE:

cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*

drupal

Version:

7.19

CPE:

cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*

drupal

Version:

7.12

CPE:

cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*

drupal

Version:

7.20

CPE:

cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*

drupal

Version:

7.18

CPE:

cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*

drupal

Version:

7.40

CPE:

cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*

drupal

Version:

7.6

CPE:

cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*

jquery_update

Version:

7.x-2.4

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.4:*:*:*:*:drupal:*:*

jquery_update

Version:

7.x-2.5

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.5:*:*:*:*:drupal:*:*

jquery_update

Version:

7.x-2.2

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.2:*:*:*:*:drupal:*:*

jquery_update

Version:

7.x-2.3

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.3:-:*:*:*:drupal:*:*

jquery_update

Version:

7.x-2.1

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.1:*:*:*:*:drupal:*:*

jquery_update

Version:

7.x-2.0

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.0:*:*:*:*:drupal:*:*

jquery_update

Version:

7.x-2.6

CPE:

cpe:2.3:a:jquery_update_project:jquery_update:7.x-2.6:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.6

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.6:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.0

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.0:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.5

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.5:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.3

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.3:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.7

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.7:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.4

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.4:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.1

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.1:*:*:*:*:drupal:*:*

labjs

Version:

7.x-1.2

CPE:

cpe:2.3:a:labjs_project:labjs:7.x-1.2:*:*:*:*:drupal:*:*

This vulnerability affects 56 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Description: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Exploit Likelihood: Low
Typical Severity: High
Abstraction Level: Base