VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-jtcp-dw8k-pfbz

Essentials
Severities (22)
References (8)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jtcp-dw8k-pfbz
Aliases	CVE-2012-1589 GHSA-wwrm-8947-4m6c
Summary	Drupal Open Redirect Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-601	URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://drupal.org/node/1557938
generic_textual	MODERATE	http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045
generic_textual	MODERATE	http://jvn.jp/en/jp/JVN45898075/index.html
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
epss	0.00363	https://api.first.org/data/v1/epss?cve=CVE-2012-1589
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-wwrm-8947-4m6c
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-1589
generic_textual	MODERATE	https://web.archive.org/web/20120507035905/http://www.securityfocus.com/bid/53365
generic_textual	MODERATE	https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074

Reference id	Reference type	URL
		http://drupal.org/node/1557938
		http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045
		http://jvn.jp/en/jp/JVN45898075/index.html
		https://api.first.org/data/v1/epss?cve=CVE-2012-1589
		https://nvd.nist.gov/vuln/detail/CVE-2012-1589
		https://web.archive.org/web/20120507035905/http://www.securityfocus.com/bid/53365
		https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074
GHSA-wwrm-8947-4m6c		https://github.com/advisories/GHSA-wwrm-8947-4m6c

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.58312
EPSS Score	0.00363
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:09:57.816414+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wwrm-8947-4m6c/GHSA-wwrm-8947-4m6c.json	38.0.0