Описание
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.
Ссылки
- ExploitPatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitPatchThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.
EPSS
6.1 Medium
CVSS3