Drupal · Drupal · CVE-2012-1589
**Name of the Vulnerable Software and Affected Versions**
Drupal versions prior to 7.13
**Description**
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. This can be exploited through the Form API.
**Recommendations**
For versions prior to 7.13, update to version 7.13 or later to resolve the issue.