Open Redirect Vulnerability in CouchCMS v2.3 by CouchCMS
CVE-2023-41609

6.1 MEDIUM

Key Information:

Vendor: Couchcms

Status
Vendor
CVE Published: 11 September 2023

What is CVE-2023-41609?

An open redirect vulnerability exists in the sanitize_url() parameter of CouchCMS v2.3. Attackers can manipulate URLs so that users are redirected, without their consent, to potentially harmful sites. The flaw underlines the need for careful URL handling in web applications.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
