Name of the Vulnerable Software and Affected Versions Drupal version 7

Description The issue is caused by insufficient validation of the destination query parameter in the drupal goto() function, allowing for an Open Redirect. This could trick users into visiting a specially crafted link that redirects them to an arbitrary external URL.

Recommendations For Drupal version 7, consider restricting the use of the drupal goto() function until a patch is available, or apply the necessary validation to the destination query parameter to prevent redirection to arbitrary external URLs.