Vulnerability CVE-2015-3378


Published: 2015-04-21   Modified: 2015-04-22

Description:
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score: 4.9/10
Impact Subscore: 4.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software:
Views project -> Views

 References:
http://www.openwall.com/lists/oss-security/2015/02/13/12
http://www.securityfocus.com/bid/72590
https://www.drupal.org/node/2424097
https://www.drupal.org/node/2424101
https://www.drupal.org/node/2424103
https://www.drupal.org/node/2424403

Copyright 2024, cxsecurity.com

 
