CVE-2020-13662

CWE-601Open Redirect6 documents5 sources
Severity
6.1MEDIUM
EPSS
0.7%
top 28.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Drupal CoreDrupal DrupalDrupal Drupal Core
Timeline
PublishedMay 5
Latest updateMay 24

Description

Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

Packagistdrupal/core7.0.07.70
CVEListV5drupal/drupal_core77.70
Packagistdrupal/drupal7.0.07.70
NVDdrupal/drupal7.07.70

🔴Vulnerability Details

4
GHSA
Drupal Core Open Redirect vulnerability2022-05-24
OSV
Drupal Core Open Redirect vulnerability2022-05-24
OSV
CVE-2020-13662: Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrar2021-05-05
CVEList
CVE-2020-13662: Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrar2021-05-05

📋Vendor Advisories

1
Drupal
Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-0032020-05-20
CVE-2020-13662 (MEDIUM CVSS 6.1) | Open Redirect vulnerability in Drup | cvebase.io