CVE-2018-1000671

Published: 06 Sep 2018
Source: debian

Description

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| sympa | fixed | 6.2.36~dfsg-1 | | package |

Notes

  • https://github.com/sympa-community/sympa/issues/268

  • https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1

  • https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 7 years ago

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

CVSS3: 6.1
nvd
more than 7 years ago

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

CVSS3: 6.1
github
more than 3 years ago

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

CVSS3: 6.1
fstec
almost 8 years ago

Vulnerability in the Sympa electronic mailing list manager, related to the use of open redirection, allowing an attacker to affect the confidentiality and integrity of protected information