PT-2017-7300 · Drupal · Jquery Update+2

Pere Orga

Published

2015-11-04

Updated

2017-11-08

CVE-2015-7943

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 7.41 jQuery Update module versions prior to 7.x-2.7 for Drupal LABjs module versions prior to 7.x-1.8 for Drupal

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is due to an incomplete fix for a previous issue.

Recommendations For Drupal versions prior to 7.41, update to version 7.41 or later. For jQuery Update module versions prior to 7.x-2.7, update to version 7.x-2.7 or later. For LABjs module versions prior to 7.x-1.8, update to version 7.x-1.8 or later.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2015-7943

DLA-548-1

DSA-3897-1

MGASA-2015-0425

Affected Products

Drupal

Labjs

Jquery Update

PT-2017-7300 · Drupal · Jquery Update+2

CVE-2015-7943

Weakness Enumeration

Related Identifiers

Affected Products

References · 27