CVE-2015-5062

Опубликовано: 24 июн. 2015

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

Комментарий

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Ссылки

http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
Exploit
http://www.securityfocus.com/archive/1/535716/100/0/threaded
http://www.securityfocus.com/bid/75419
http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt
http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html
Exploit
http://www.securityfocus.com/archive/1/535716/100/0/threaded
http://www.securityfocus.com/bid/75419

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:silverstripe:silverstripe:3.1.13:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00347

Низкий

5.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2015-5062

debian

больше 10 лет назад

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 all ...

GHSA-fh35-p8ph-p545

github

больше 3 лет назад

Silverstripe CMS Open Redirect