Vigil@nce - Drupal Content Construction Kit: arbitrary redirects
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the "destinations" parameter of several
request managed by this module to trigger arbitrary redirections
and so deceive the end user about the real identity of the visited
site.
Impacted products: Drupal Modules not comprehensive.
Severity: 2/4.
Creation date: 18/06/2015.
DESCRIPTION OF THE VULNERABILITY
The Content Construction Kit module can be installed on Drupal.
An attacker can use the "destinations" parameter of several
request managed by this module to trigger arbitrary redirections
and so deceive the end user about the real identity of the visited
site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Content-Construction-Kit-arbitrary-redirects-17165