English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

CVE-2016-9451

Low
Low Medium High Critical
CVSS Score
Published: Nov 25, 2016
Last Modified: Apr 12, 2025
CWE: CWE-601

Vulnerability Description

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.

Known Affected Software

41 configuration(s) from 1 vendor(s)

drupal
Version:
7.38
CPE:
cpe:2.3:a:drupal:drupal:7.38:*:*:*:*:*:*:*
drupal
Version:
7.26
CPE:
cpe:2.3:a:drupal:drupal:7.26:*:*:*:*:*:*:*
drupal
Version:
7.3
CPE:
cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
drupal
Version:
7.32
CPE:
cpe:2.3:a:drupal:drupal:7.32:*:*:*:*:*:*:*
drupal
Version:
7.24
CPE:
cpe:2.3:a:drupal:drupal:7.24:*:*:*:*:*:*:*
drupal
Version:
7.41
CPE:
cpe:2.3:a:drupal:drupal:7.41:*:*:*:*:*:*:*
drupal
Version:
7.42
CPE:
cpe:2.3:a:drupal:drupal:7.42:*:*:*:*:*:*:*
drupal
Version:
7.4
CPE:
cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
drupal
Version:
7.11
CPE:
cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
drupal
Version:
7.0
CPE:
cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
drupal
Version:
7.21
CPE:
cpe:2.3:a:drupal:drupal:7.21:*:*:*:*:*:*:*
drupal
Version:
7.27
CPE:
cpe:2.3:a:drupal:drupal:7.27:*:*:*:*:*:*:*
drupal
Version:
7.50
CPE:
cpe:2.3:a:drupal:drupal:7.50:*:*:*:*:*:*:*
drupal
Version:
7.44
CPE:
cpe:2.3:a:drupal:drupal:7.44:*:*:*:*:*:*:*
drupal
Version:
7.51
CPE:
cpe:2.3:a:drupal:drupal:7.51:*:*:*:*:*:*:*
drupal
Version:
7.23
CPE:
cpe:2.3:a:drupal:drupal:7.23:*:*:*:*:*:*:*
drupal
Version:
7.35
CPE:
cpe:2.3:a:drupal:drupal:7.35:*:*:*:*:*:*:*
drupal
Version:
7.43
CPE:
cpe:2.3:a:drupal:drupal:7.43:*:*:*:*:*:*:*
drupal
Version:
7.36
CPE:
cpe:2.3:a:drupal:drupal:7.36:*:*:*:*:*:*:*
drupal
Version:
7.10
CPE:
cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
drupal
Version:
7.33
CPE:
cpe:2.3:a:drupal:drupal:7.33:*:*:*:*:*:*:*
drupal
Version:
7.2
CPE:
cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
drupal
Version:
7.29
CPE:
cpe:2.3:a:drupal:drupal:7.29:*:*:*:*:*:*:*
drupal
Version:
7.15
CPE:
cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
drupal
Version:
7.22
CPE:
cpe:2.3:a:drupal:drupal:7.22:*:*:*:*:*:*:*
drupal
Version:
7.25
CPE:
cpe:2.3:a:drupal:drupal:7.25:*:*:*:*:*:*:*
drupal
Version:
7.34
CPE:
cpe:2.3:a:drupal:drupal:7.34:*:*:*:*:*:*:*
drupal
Version:
7.28
CPE:
cpe:2.3:a:drupal:drupal:7.28:*:*:*:*:*:*:*
drupal
Version:
7.16
CPE:
cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
drupal
Version:
7.1
CPE:
cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
drupal
Version:
7.30
CPE:
cpe:2.3:a:drupal:drupal:7.30:*:*:*:*:*:*:*
drupal
Version:
7.13
CPE:
cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
drupal
Version:
7.14
CPE:
cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
drupal
Version:
7.31
CPE:
cpe:2.3:a:drupal:drupal:7.31:*:*:*:*:*:*:*
drupal
Version:
7.37
CPE:
cpe:2.3:a:drupal:drupal:7.37:*:*:*:*:*:*:*
drupal
Version:
7.17
CPE:
cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
drupal
Version:
7.19
CPE:
cpe:2.3:a:drupal:drupal:7.19:*:*:*:*:*:*:*
drupal
Version:
7.12
CPE:
cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
drupal
Version:
7.20
CPE:
cpe:2.3:a:drupal:drupal:7.20:*:*:*:*:*:*:*
drupal
Version:
7.18
CPE:
cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
drupal
Version:
7.40
CPE:
cpe:2.3:a:drupal:drupal:7.40:*:*:*:*:*:*:*
This vulnerability affects 41 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Exploit Likelihood
Low
Typical Severity
High
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
November 25, 2016

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record