Описание
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-5252
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html
- http://orchard.codeplex.com/discussions/283667
- http://secunia.com/advisories/47398
- http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard
- http://www.securityfocus.com/bid/51260
Связанные уязвимости
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.