CVE-2015-5510

Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destinations parameter, related to administration pages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
content_construction_kit_projectcontent_construction_kit
6.x-2.0:x
content_construction_kit_projectcontent_construction_kit
6.x-2.1:x
content_construction_kit_projectcontent_construction_kit
6.x-2.2:x
content_construction_kit_projectcontent_construction_kit
6.x-2.3:x
content_construction_kit_projectcontent_construction_kit
6.x-2.4:x
content_construction_kit_projectcontent_construction_kit
6.x-2.5:x
content_construction_kit_projectcontent_construction_kit
6.x-2.6:x
content_construction_kit_projectcontent_construction_kit
6.x-2.7:x
content_construction_kit_projectcontent_construction_kit
6.x-2.8:x
content_construction_kit_projectcontent_construction_kit
6.x-2.9:x
𝑥
= Vulnerable software versions
References
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/75281
https://www.drupal.org/node/2507753
https://www.drupal.org/node/2507763
http://www.openwall.com/lists/oss-security/2015/07/04/4
http://www.securityfocus.com/bid/75281
https://www.drupal.org/node/2507753
https://www.drupal.org/node/2507763