Description
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:embedthis:goahead:2.5.0:*:*:*:*:*:*:*
EPSS
Percentile: 95%
0.16676
Medium
8.6 High
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 8.6
github
more than 3 years ago
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.