Open Redirect Vulnerability in Serendipity by s9y
CVE-2017-5474

6.1MEDIUM

Key Information:

Vendor: S9y
Status: Serendipity
Vendor: CVE Published:; 14 January 2017

What is CVE-2017-5474?

An open redirect vulnerability exists in the comment.php file of Serendipity versions up to 2.0.5. This flaw allows remote attackers to exploit the HTTP Referer header to redirect users to malicious websites. By manipulating this header, attackers can create deceptive URLs, increasing the chances of successful phishing attacks and compromising user credentials. Organizations using affected versions of Serendipity should apply the necessary patches to safeguard against such vulnerabilities.

References

https://github.com/s9y/Serendipity/commit/6285933470bab29...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95652

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2017
Vulnerability Reserved
Jan 13, 2017

JSON

S9y

What is CVE-2017-5474?

References

CVSS V3.1

Timeline