Open Redirect Vulnerability in InstantCMS Affects User Profile Management
CVE-2024-31213

5.4 MEDIUM

Key Information:

Vendor: Instantcms
CVE Published: 5 April 2024

What is CVE-2024-31213?

An open redirect vulnerability exists in InstantCMS's ICMS2 application version 2.16.2. This flaw occurs during the user profile update process, allowing an attacker to redirect users to a malicious site disguised as the legitimate application. By doing so, they could deceive users into providing sensitive information, such as passwords, under false pretenses. Currently, there is no patched version available.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published