
exploitDog


CVE-2020-21998

Published: 27 Apr 2021
Source: nvd
CVSS3: 6.1
CVSS2: 5.8
EPSS: Low

Description

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Vulnerable configurations

Configuration 1
cpe:2.3:a:homeautomation_project:homeautomation:3.3.2:*:*:*:*:*:*:*

EPSS: 0.01964 (Low)
Percentile: 83%

CVSS3: 6.1 Medium
CVSS2: 5.8 Medium

Weaknesses

CWE-601

Related vulnerabilities

github
more than 3 years ago

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

EPSS: 0.01964 (Low)
Percentile: 83%

CVSS3: 6.1 Medium
CVSS2: 5.8 Medium

Weaknesses

CWE-601