{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56010?format=json","vulnerability_id":"VCID-jtcp-dw8k-pfbz","summary":"Drupal Open Redirect\nOpen redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.","aliases":[{"alias":"CVE-2012-1589"},{"alias":"GHSA-wwrm-8947-4m6c"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32251?format=json","purl":"pkg:composer/drupal/drupal@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-349d-w26k-mqfw"},{"vulnerability":"VCID-3fka-y25d-m7a3"},{"vulnerability":"VCID-3hf4-tvxn-zyh4"},{"vulnerability":"VCID-48ut-ykkc-83fx"},{"vulnerability":"VCID-53h1-sj47-gugn"},{"vulnerability":"VCID-5618-53yg-8qh4"},{"vulnerability":"VCID-565p-mgqe-gkfc"},{"vulnerability":"VCID-6ck5-9e5b-w3ay"},{"vulnerability":"VCID-6m8x-cfzp-tkf4"},{"vulnerability":"VCID-8nda-kjr2-ufd4"},{"vulnerability":"VCID-9j42-9tx5-yfbq"},{"vulnerability":"VCID-9wt5-xe6d-n3cb"},{"vulnerability":"VCID-bk92-66re-dkc5"},{"vulnerability":"VCID-btgv-ef3h-83d3"},{"vulnerability":"VCID-cucx-jfqf-pkd1"},{"vulnerability":"VCID-cvxp-ctj9-guej"},{"vulnerability":"VCID-djgn-ezxp-37eu"},{"vulnerability":"VCID-en3b-g3f3-a3e3"},{"vulnerability":"VCID-er79-qj6u-sbgr"},{"vulnerability":"VCID-g1rp-twzp-63e1"},{"vulnerability":"VCID-ga35-289v-vqhr"},{"vulnerability":"VCID-gbz5-5frj-hber"},{"vulnerability":"VCID-gypk-ukbc-7qe3"},{"vulnerability":"VCID-gzcu-sbks-wyfa"},{"vulnerability":"VCID-jfq8-xxwa-mkd1"},{"vulnerability":"VCID-jnu7-1j9c-dqck"},{"vulnerability":"VCID-jtcp-dw8k-pfbz"},{"vulnerability":"VCID-k1gx-nznx-7qd6"},{"vulnerability":"VCID-kc7d-5k6x-77bp"},{"vulnerability":"VCID-mhk6-9qdy-83f3"},{"vulnerability":"VCID-mt37-qzh7-gyfv"},{"vulnerability":"VCID-nd8n-5dsu-2fbp"},{"vulnerability":"VCID-rdgr-yuu7-xkey"},{"vulnerability":"VCID-rhj7-dy7q-jkhw"},{"vulnerability":"VCID-s8u8-xbdk-87dj"},{"vulnerability":"VCID-s9kv-9qfu-gbdq"},{"vulnerability":"VCID-sbmj-9trz-2ybf"},{"vulnerability":"VCID-ssyn-dxp9-3kdq"},{"vulnerability":"VCID-u5wt-ndvn-3ffg"},{"vulnerability":"VCID-utyg-huhu-2ucq"},{"vulnerability":"VCID-v9v6-ae3e-g3hk"},{"vulnerability":"VCID-vura-3gnb-rybs"},{"vulnerability":"VCID-wbvy-zrtk-audw"},{"vulnerability":"VCID-we42-mkyk-hfer"},{"vulnerability":"VCID-wwvq-399y-rfhc"},{"vulnerability":"VCID-yare-57j9-j7cs"},{"vulnerability":"VCID-yrzt-3m97-53ce"},{"vulnerability":"VCID-z5ba-3etw-eqb4"},{"vulnerability":"VCID-zw3u-6ue7-efdf"},{"vulnerability":"VCID-zxqc-67jp-uba7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/drupal/drupal@7.0.0"}],"references":[{"reference_url":"http://drupal.org/node/1557938","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://drupal.org/node/1557938"},{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2012-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN45898075/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN45898075/index.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1589","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58517","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58365","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58408","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58421","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58449","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58312","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58397","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58417","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58444","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5845","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58467","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58447","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5846","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58465","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58442","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58404","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58416","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58402","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1589","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1589"},{"reference_url":"https://web.archive.org/web/20120507035905/http://www.securityfocus.com/bid/53365","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120507035905/http://www.securityfocus.com/bid/53365"},{"reference_url":"https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150523060428/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:074/?name=MDVSA-2013:074"},{"reference_url":"https://github.com/advisories/GHSA-wwrm-8947-4m6c","reference_id":"GHSA-wwrm-8947-4m6c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wwrm-8947-4m6c"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":601,"name":"URL Redirection to Untrusted Site ('Open Redirect')","description":"A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtcp-dw8k-pfbz"}