CVE-2013-4723

2014-04-2517:12:03

CWE-20

mitre

web.nvd.nist.gov

cve-2013-4723

open redirect

ddsn interactive

acora cms

vulnerability

remote attack

phishing

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

66.1%

JSON

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.

Affected configurations

Nvd

Node

ddsncm3_acora_content_management_systemMatch5.5.0\/1b-p1

ddsncm3_acora_content_management_systemMatch5.5.7\/12b

ddsncm3_acora_content_management_systemMatch6.0.2\/1a

ddsncm3_acora_content_management_systemMatch6.0.6\/1a

VendorProductVersionCPE
ddsncm3_acora_content_management_system5.5.0/1b-p1cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\/1b-p1:*:*:*:*:*:*:*
ddsncm3_acora_content_management_system5.5.7/12bcpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\/12b:*:*:*:*:*:*:*
ddsncm3_acora_content_management_system6.0.2/1acpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\/1a:*:*:*:*:*:*:*
ddsncm3_acora_content_management_system6.0.6/1acpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\/1a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ddsn	cm3_acora_content_management_system	5.5.0/1b-p1	cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\/1b-p1:::::::*
ddsn	cm3_acora_content_management_system	5.5.7/12b	cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\/12b:::::::*
ddsn	cm3_acora_content_management_system	6.0.2/1a	cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\/1a:::::::*
ddsn	cm3_acora_content_management_system	6.0.6/1a	cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\/1a:::::::*