| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| Open Redirect | 30 Sep 202311:50 | – | huntr | |
| CVE-2023-5375 | 4 Oct 202312:11 | – | circl | |
| mosparo Input Validation Error Vulnerability | 4 Oct 202300:00 | – | cnnvd | |
| CVE-2023-5375 | 4 Oct 202308:30 | – | cve | |
| CVE-2023-5375 Open Redirect in mosparo/mosparo | 4 Oct 202308:30 | – | cvelist | |
| CVE-2023-5375 | 4 Oct 202309:15 | – | nvd | |
| CVE-2023-5375 Open Redirect in mosparo/mosparo | 4 Oct 202308:30 | – | osv | |
| Open redirect | 4 Oct 202309:15 | – | prion | |
| CVE-2023-5375 | 23 May 202501:48 | – | redhatcve | |
| CVE-2023-5375 Open Redirect in mosparo/mosparo | 4 Oct 202308:30 | – | vulnrichment |
id: CVE-2023-5375
info:
name: Mosparo < 1.0.2 - Open Redirect
author: shankaracharya
severity: medium
description: |
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
impact: |
Unauthenticated attackers can exploit open redirect through the targetPath parameter to redirect users to malicious websites for phishing attacks.
remediation: Update to the latest version of mosparo.
reference:
- https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9
- https://nvd.nist.gov/vuln/detail/CVE-2023-5375
- https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-5375
cwe-id: CWE-601
epss-score: 0.33629
epss-percentile: 0.98179
cpe: cpe:2.3:a:mosparo:mosparo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: mosparo
product: mosparo
tags: cve2023,cve,huntr,mosparo,redirect,vuln
http:
- method: GET
path:
- "{{BaseURL}}/project/switch/1?targetPath=http://oast.pro"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
# digest: 4a0a00473045022100d81e7f0305addb70fc874dd27b53c1e548fdb6f3d2f939f04eeccbe1d208936b022018636d05abb81d38bda29c1c72ac47473ac1955b4c48d859524569910209c01f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation