CVE-2012-2727

Name of the Vulnerable Software and Affected Versions Janrain Capture module versions 6.x-1.0 through 7.x-1.0 for Drupal

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. This occurs when synchronizing user data.

Recommendations For versions 6.x-1.0 and 7.x-1.0, avoid using the destination parameter in the affected API endpoint until the issue is resolved. Restrict access to the user data synchronization feature to minimize the risk of exploitation.