CVE-2019-10721

Опубликовано: 03 июл. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.

Ссылки

https://github.com/rxtur/BlogEngine.NET/commits/master
Patch
Third Party Advisory
https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
Exploit
Patch
Third Party Advisory
https://github.com/rxtur/BlogEngine.NET/commits/master
Patch
Third Party Advisory
https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dotnetblogengine:blogengine.net:3.3.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00199

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-mc4j-664q-m2wf