CVE-2012-1589 - Keeperless Attesting

Description

Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

Reference

http://drupal.org/node/1557938 http://jvn.jp/en/jp/JVN45898075/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045 http://www.securityfocus.com/bid/53365 http://osvdb.org/81679 http://secunia.com/advisories/49012 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074