osv | Google | OSV:GHSA-VP8P-C6XJ-XPJ7
May 23, 2024 - 5:12 p.m.

Silverstripe External redirection risk in Security?ReturnURL

2024-05-23 17:12:13
Google, osv.dev
Tags: silverstripe, framework, vulnerability, login, redirection, external site, risk

AI Score: 7 High (Confidence: Low)

A vulnerability has been found in the SilverStripe framework where a login URL can potentially redirect to an external site.

For example, the URL http://www.my-silverstripe-site.com/Security/login?BackURL=/\attacker-site.com will redirect successful logins to the page http://attacker-site.com. If that website were set up to look identical to the first and show “login failed”, the user would likely just enter their username and password again.
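
A server-side check that refuses the BackURL shown above, as an added example (not Silverstripe's own code or the fix shipped for this advisory). The function name is_safe_back_url is hypothetical, and the sample inputs are constructed from the host names used in the advisory text.

```php
<?php
// Added example: hypothetical helper, not Silverstripe's implementation.
// Returns true only if $backUrl may be used as a post-login redirect target
// for a site served from $siteHost.
function is_safe_back_url(string $backUrl, string $siteHost): bool
{
    // Browsers treat "\" as "/" in http(s) URLs, so "/\host" behaves like
    // "//host". They also strip tabs and newlines, which can hide a second
    // slash. A valid URL needs neither raw character, so reject them outright.
    if ($backUrl === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $backUrl)) {
        return false;
    }
    // "//host/path" is scheme-relative: it names another host, not a path.
    if (strncmp($backUrl, '//', 2) === 0) {
        return false;
    }
    // Exactly one leading slash: a path on this site.
    if ($backUrl[0] === '/') {
        return true;
    }
    // Anything else must be an absolute http(s) URL on our own host.
    // Bare relative paths and other schemes have no host and are refused.
    $parts = parse_url($backUrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strcasecmp($parts['host'], $siteHost) === 0;
}

// Constructed sample inputs.
$site = 'www.my-silverstripe-site.com';
$samples = [
    '/admin/pages',                             // site-relative path
    '/\\attacker-site.com',                     // the BackURL form from the advisory
    '//attacker-site.com',                      // scheme-relative equivalent
    'http://attacker-site.com/Security/login',  // absolute URL, other host
    'http://www.my-silverstripe-site.com/home', // absolute URL, same host
];
foreach ($samples as $url) {
    $verdict = is_safe_back_url($url, $site) ? 'allow' : 'block';
    printf("%-45s %s\n", $url, $verdict);
}
```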
