CVE-2015-7823
published 2015-10-21CVE-2015-7823: Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and…
PriorityP426medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EXPLOIT
EPSS
5.14%
91.4th percentile
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kentico | kentico_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Kentico CMS 8.2 - Open Redirect
nuclei·CVSS 5.8
CVE-2015-7823 [MEDIUM] Kentico CMS 8.2 - Open Redirect
Kentico CMS 8.2 - Open Redirect
Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
Template:
id: CVE-2015-7823
info:
name: Kentico CMS 8.2 - Open Redirect
author: 0x_Akoko
severity: medium
description: Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
impact: |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
remediation: |
Apply the latest security patches or upgrade to a newer
2015-10-21
Published