Drupal is prone to an open-redirection vulnerability.
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.
Note: This issue is the result of an incomplete fix for the issue described in 75284 (Drupal Core Overlay Module CVE-2015-3233 Open Redirection Vulnerability).
Information
Drupal LABjs 7.x-1.6
Drupal LABjs 7.x-1.5
Drupal LABjs 7.x-1.4
Drupal LABjs 7.x-1.3
Drupal LABjs 7.x-1.2
Drupal LABjs 7.x-1.1
Drupal LABjs 7.x-1.0
Drupal jQuery Update 7.x-2.6
Drupal jQuery Update 7.x-2.5
Drupal jQuery Update 7.x-2.4
Drupal jQuery Update 7.x-2.3
Drupal jQuery Update 7.x-2.2
Drupal jQuery Update 7.x-2.1
Drupal jQuery Update 7.x-2.0
Drupal Drupal 7.9
Drupal Drupal 7.8
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.39
Drupal Drupal 7.38
Drupal Drupal 7.37
Drupal Drupal 7.36
Drupal Drupal 7.35
Drupal Drupal 7.34
Drupal Drupal 7.33
Drupal Drupal 7.32
Drupal Drupal 7.31
Drupal Drupal 7.30
Drupal Drupal 7.3
Drupal Drupal 7.29
Drupal Drupal 7.28
Drupal Drupal 7.27
Drupal Drupal 7.26
Drupal Drupal 7.25
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.20
Drupal Drupal 7.2
Drupal Drupal 7.19
Drupal Drupal 7.18
Drupal Drupal 7.17
Drupal Drupal 7.16
Drupal Drupal 7.15
Drupal Drupal 7.14
Drupal Drupal 7.13
Drupal Drupal 7.12
Drupal Drupal 7.11
Drupal Drupal 7.10
Drupal Drupal 7.1
Drupal Drupal 7.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Drupal jQuery Update 7.x-2.7
Drupal Drupal 7.41
Exploit
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.