Open Redirect

2017-07-2807:11:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

73.0%

JSON

silverstripe/cms is susceptible to open redirect attacks. The attacks exist because the ‘returnURL’ parameter is not validated properly, allowing attackers to provide a malicious URL to a location or file.

CPENameOperatorVersion
silverstripe/cmsle3.1.13
silverstripe/cmsle3.1.13

CPE	Name	Operator	Version
	silverstripe/cms	le	3.1.13
	silverstripe/cms	le	3.1.13

References

hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt

packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html

www.securityfocus.com/archive/1/535716/100/0/threaded

www.securityfocus.com/archive/1/archive/1/535716/100/0/threaded

www.securityfocus.com/bid/75419

github.com/silverstripe/silverstripe-cms/commit/b87f5473d9f20fe62039ef0d63320143691f7017

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for VERACODE:4778