Lucene search

Fluid AttacksCVELIST:CVE-2023-45202

HistoryNov 01, 2023 - 10:02 p.m.

CVE-2023-45202 Online Examination System v1.0 - Multiple Open Redirects

2023-11-0122:02:45

CWE-601

Fluid Attacks

www.cve.org

cve-2023-45202

open redirect

online examination system

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.9%

JSON

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The ‘q’ parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Online Examination System",
    "vendor": "Projectworlds Pvt. Limited",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/uchida

projectworlds.in/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

16.9%

JSON

Related for CVELIST:CVE-2023-45202