Drupal · Drupal · CVE-2015-2749
**Name of the Vulnerable Software and Affected Versions**
Drupal versions 6.x through 6.34
Drupal versions 7.x through 7.34
**Description**
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the `destination` parameter. This can lead to phishing attacks.
**Recommendations**
For Drupal versions 6.x through 6.34, update to version 6.35 or later.
For Drupal versions 7.x through 7.34, update to version 7.35 or later.