Drupal Core 7.x Open Redirect (7.0 - 7.69)
Description
Drupal Core is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. Drupal Core versions 7.x ranging from 7.0 and up to and including 7.69 are vulnerable.
Remediation
Update to Drupal Core version 7.70 or latest