Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-4668: Open Redirect in Xsuite

CWE-601: Open Redirect | 5 documents | 5 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 4.2% (top 11.25%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Sep 25
Latest update: May 14

Description

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (1 package)

NVD: xceedium/xsuite 2.3.0, 2.4.3.0 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-vx7g-39p9-2r2g: Open redirect vulnerability in Xsuite 2 (2022-05-14)
CVEList: CVE-2015-4668: Open redirect vulnerability in Xsuite 2 (2017-09-25)

💥 Exploits & PoCs (2)

Exploit-DB: Xceedium Xsuite - Multiple Vulnerabilities (2015-07-27)
Nuclei: Xsuite <=2.4.4.5 - Open Redirect