CVE-2015-5062 — Open Redirect in CMS

CWE-601 — Open Redirect3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.3%

top 42.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Silverstripe CMS Silverstripe Framework Silverstripe

Timeline

PublishedJun 24

Latest updateMay 14

Description

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

▶Packagistsilverstripe/framework3.1.13

▶Packagistsilverstripe/cms3.1.13

▶NVDsilverstripe/silverstripe3.1.13

🔴Vulnerability Details

OSV

Silverstripe CMS Open Redirect↗2022-05-14

▶

GHSA

Silverstripe CMS Open Redirect↗2022-05-14

▶