VDB

GCVE-110-MAGEIA-2015-425

GCVE-110-MAGEIA-2015-425
Advisory Published
Vulnetix · Advisory published November 4, 2015
The Overlay module in Drupal core displays administrative pages as a layer over the current page (using JavaScript), rather than replacing the page in the browser window. The Overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability (CVE-2015-7943).

Affected Products

VendorProductVersionsPlatforms
Mageiadrupal7.41-1.1.mga5 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›