VIR Vulnerability Intelligence Relay

CVE-2013-6389

medium
Published 2013-12-07 · Modified 2024-10-30
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2
5.8
VIR risk
5.8

Description

Drupal has open redirect vulnerability in the Overlay module

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://drupal.org/SA-CORE-2013-003

Package impact
EcosystemPackageVulnerableFixed
php Packagistdrupal/drupal>=7.0,<7.247.24

Application impact
VendorProductVersionsFixed
drupaldrupal7.0
drupaldrupal7.1
drupaldrupal7.2
drupaldrupal7.3
drupaldrupal7.4
drupaldrupal7.5
drupaldrupal7.6
drupaldrupal7.7
drupaldrupal7.8
drupaldrupal7.9
drupaldrupal7.10
drupaldrupal7.11
drupaldrupal7.12
drupaldrupal7.13
drupaldrupal7.14
drupaldrupal7.15
drupaldrupal7.16
drupaldrupal7.17
drupaldrupal7.18
drupaldrupal7.19
drupaldrupal7.20
drupaldrupal7.21
drupaldrupal7.22
drupaldrupal7.23
drupaldrupal7.x-dev

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.