Drupal Core 4.7.x Form Action Attribute Injection - CVE-2006-5477

Drupal Core is prone to a form action attribute injection vulnerability because it fails to properly verify user-supplied input. An attacker may leverage this issue to redirect Drupal form submissions to a third-party site under his control thus gaining access to sensitive information such as e-mail addresses and possible other private profile data. Drupal Core versions 4.7.x ranging from 4.7.0 and up to and including 4.7.3 are vulnerable.