Описание
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.1.0 (исключая)
cpe:2.3:a:cryptshare:cryptshare_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.0014
Низкий
5.4 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
CWE-601
Связанные уязвимости
github
около 4 лет назад
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter.
EPSS
Процентиль: 34%
0.0014
Низкий
5.4 Medium
CVSS3
4.9 Medium
CVSS2
Дефекты
CWE-601