Drupal 7.x < 7.41 Overlay Module Open Redirect
Medium Nessus Network Monitor Plugin ID 9219
Synopsis
The remote server is hosting an outdated installation of Drupal that is affected by an open redirect vulnerability.

Description
The remote web server is running a version of Drupal that is 7.x prior to 7.41. It is, therefore, affected by an open redirect vulnerability in the Overlay module due to improper validation of URLs before displaying their contents. An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to redirect a victim from an intended legitimate website to an arbitrary website. This vulnerability can only be exploited against Drupal users who have both the 'Access the administrative overlay' permission and the Overlay module enabled.

Solution
Upgrade to Drupal 7.41 or later.