Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-vura-3gnb-rybs
Vulnerability ID VCID-vura-3gnb-rybs
Aliases CVE-2020-13662
GHSA-gjqg-9rhv-qj67
Summary Drupal Core Open Redirect vulnerability Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
epss 0.0066 https://api.first.org/data/v1/epss?cve=CVE-2020-13662
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gjqg-9rhv-qj67
cvssv3.1 6.1 https://github.com/drupal/core
generic_textual MODERATE https://github.com/drupal/core
cvssv3.1 6.1 https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml
cvssv3.1 6.1 https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13662
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-13662
cvssv3.1 6.1 https://www.drupal.org/sa-core-2020-003
generic_textual MODERATE https://www.drupal.org/sa-core-2020-003
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-13662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13662
https://github.com/drupal/core
https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml
https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml
https://nvd.nist.gov/vuln/detail/CVE-2020-13662
https://www.drupal.org/sa-core-2020-003
GHSA-gjqg-9rhv-qj67 https://github.com/advisories/GHSA-gjqg-9rhv-qj67
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/drupal/core
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2020-13662.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2020-13662.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-13662
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.drupal.org/sa-core-2020-003
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.71045
EPSS Score 0.0066
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:09:54.630490+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gjqg-9rhv-qj67/GHSA-gjqg-9rhv-qj67.json 38.0.0