Drupal · Drupal Global Redirect Module · CVE-2010-2021
**Name of the Vulnerable Software and Affected Versions**
Drupal Global Redirect module versions 6.x-1.x before 6.x-1.4
Drupal Global Redirect module versions 7.x-1.x before 7.x-1.4
**Description**
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the `q` parameter when non-clean to clean is enabled.
**Recommendations**
For Drupal Global Redirect module version 6.x-1.x, update to version 6.x-1.4 or later.
For Drupal Global Redirect module version 7.x-1.x, update to version 7.x-1.4 or later.