Name of the Vulnerable Software and Affected Versions Drupal core (affected versions not specified)

Description The issue allows malicious users to construct a URL that tricks users into being redirected to a 3rd party website, exposing them to potential social engineering attacks. This is possible due to the way Drupal core and contributed modules use a destination query string parameter in URLs to redirect users after completing an action.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.