exploitDog

CVE-2009-2138

Опубликовано: 19 июн. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tbdev:tbdev.net:*:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00476

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-2r6r-4grf-x8jc

github

почти 4 года назад

Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or (2) the returnto parameter in a delete action to news.php. NOTE: this can be leveraged for cross-site scripting (XSS) by redirecting to a data: URI.

EPSS

Процентиль: 64%

0.00476

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20