CVE-2015-5354
published 2015-07-01CVE-2015-5354: Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL…
PriorityP431medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
12.52%
95.7th percentile
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novius-os | novius_os | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Novius 5.0.1 - Multiple Vulnerabilities
exploitdb·2015-06-30
CVE-2015-5354 Novius 5.0.1 - Multiple Vulnerabilities
Novius 5.0.1 - Multiple Vulnerabilities
---
[+] Credits: John Page ( hyp3rlinx )
[+] Domains: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txt
Vendor:
community.novius-os.org
Product:
novius-os.5.0.1-elche is a PHP Based Content Management System
community.novius-os.org/developpers/download.html
Advisory Information:
Persistent XSS, LFI & Open Redirect
Vulnerability Details:
Persistent XSS:
Users can inject XSS payloads that will be saved to MySQL DB, where they
will execute each time when accessed.
1- In Admin under 'Media Center' users can inject XSS payloads and save to
the 'media_title' field for a saved media file,
create a new media page inject payload click save and then select
visualize.
2- Under Website menus area u
Nuclei
Novius OS 5.0.1-elche - Open Redirect
nuclei·CVSS 5.8
CVE-2015-5354 [MEDIUM] Novius OS 5.0.1-elche - Open Redirect
Novius OS 5.0.1-elche - Open Redirect
Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
Template:
id: CVE-2015-5354
info:
name: Novius OS 5.0.1-elche - Open Redirect
author: 0x_Akoko
severity: medium
description: Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
impact: |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware.
remediation: |
Apply the latest security patches or upgrade to a newer version of Novius OS.
reference:
- https://packetstormsecurity.c
http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txthttp://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.htmlhttp://www.securityfocus.com/archive/1/535876/100/0/threadedhttps://www.exploit-db.com/exploits/37439/http://hyp3rlinx.altervista.org/advisories/AS-NOVIUSOS0629.txthttp://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.htmlhttp://www.securityfocus.com/archive/1/535876/100/0/threadedhttps://www.exploit-db.com/exploits/37439/
2015-07-01
Published