CVE-2015-3358

Name of the Vulnerable Software and Affected Versions Tadaa! module versions prior to 7.x-1.4 for Drupal

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a destination parameter. This is related to callbacks that enable and disable modules or change variables, specifically affecting the Tadaa! module.

Recommendations For Tadaa! module versions prior to 7.x-1.4, update to version 7.x-1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the destination parameter in the affected module to minimize the risk of exploitation.