CVE-2015-3378

Name of the Vulnerable Software and Affected Versions Drupal Views module versions prior to 6.x-2.18 Drupal Views module versions 6.x-3.x prior to 6.x-3.2 Drupal Views module versions 7.x-3.x prior to 7.x-3.10

Description The issue allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks. This is related to the break lock page for edited views when the Views UI submodule is enabled.

Recommendations For versions prior to 6.x-2.18, update to version 6.x-2.18 or later. For versions 6.x-3.x prior to 6.x-3.2, update to version 6.x-3.2 or later. For versions 7.x-3.x prior to 7.x-3.10, update to version 7.x-3.10 or later.