{"id":"UBUNTU-CVE-2015-2750","details":"Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the \"//\" initial sequence.","modified":"2026-02-04T02:29:00.930726Z","published":"2017-09-13T16:29:00Z","related":["USN-4773-1"],"upstream":["CVE-2015-2750"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-2750"},{"type":"REPORT","url":"https://www.drupal.org/SA-CORE-2015-001"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-2750"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4773-1"}],"affected":[{"package":{"name":"drupal7","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/drupal7@7.26-1ubuntu0.1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.26-1ubuntu0.1+esm1"}]}],"versions":["7.23-1","7.24-1","7.24-2","7.26-1","7.26-1ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_name":"drupal7","binary_version":"7.26-1ubuntu0.1+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-2750.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}