Impact
The impact varies, from theft of information and credentials to redirection to malicious websites containing attacker-controlled content, which in some cases can even lead to XSS attacks. So even though an open redirection might sound harmless at first, its impact can be severe if it is exploitable.
Patches
The problem is fixed in 1.7.6.5.
The open redirection is still active, but you need to be connected. We keep this behaviour because modules are using it in the back office.
References
Open Redirect (CWE-601)
Introduced by #13233