CVE-2012-4489

Name of the Vulnerable Software and Affected Versions Drupal Secure Login module versions 7.x-1.x before 7.x-1.3

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. This is due to an open redirect vulnerability in the securelogin secure redirect function.

Recommendations For versions prior to 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the securelogin secure redirect function to minimize the risk of exploitation. Avoid using the q parameter in the affected API endpoint until the issue is resolved.