Name of the Vulnerable Software and Affected Versions: Drupal version 7

Description: The issue is caused by insufficient validation of the destination query parameter in the drupal goto() function, allowing for an Open Redirect. This could trick users into visiting a specially crafted link that redirects them to an arbitrary external URL.

Recommendations: For Drupal version 7, update the drupal goto() function to properly validate the destination query parameter to prevent Open Redirect attacks.