Vulnerability CVE-2018-8937

Vulnerability CVE-2018-8937

Published: 2018-03-26

Description:

An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5.8/10	4.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	None

Affected software
Open-audit -> Open-audit

References:

https://nileshsapariya.blogspot.ae/2018/03/open-redirect-to-reflected-xss-open.html

Copyright 2024, cxsecurity.com