Drupal 7 has an Open Redirect vulnerability. For example, a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
The vulnerability is caused by insufficient validation of the
destination query parameter in the
Other versions of Drupal core are not vulnerable.
Install the latest version:
- If you use Drupal 7.x upgrade to Drupal 7.70