CVE-2020-24550
Published 2021-03-31
Priority P3 · 38 · medium · CVSS 3.1 base score 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS (exploit probability): 4.74%, 90.7th percentile
An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| episerver | find | < 13.2.7 | 13.2.7 |
Detection & IOCs (extracted from sources)
- Request side: look for HTTP GET requests to /find_v2/_click whose _t_redirect parameter carries an absolute or scheme-relative URL pointing at a host outside the site. Evaluate the once-decoded value, since the parameter is normally URL-encoded in the request line.
- Response side: confirm exploitation by matching 301 responses to /find_v2/_click whose Location header points to an external domain.
- Only EpiServer Find versions before 13.2.7 are affected; scope detection rules to installations running those versions. Against a patched installation a matching request is an attempt, not confirmed exploitation, so pair the request-side rule with the response-side check.
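The two indicators above, worked into runnable detection logic. This is an added example and is not code from the advisory, from EpiServer, or from the Nuclei project: it scans constructed combined-log-format access log lines for requests to /find_v2/_click whose _t_redirect value leaves the site, and applies the same "does this target leave the site?" test to a response's Location header. The host names, IP addresses, log lines and the TRUSTED_HOSTS allowlist are constructed for the example; the normalisation in redirect_host (backslashes, scheme-relative targets, userinfo tricks, a scheme with no //) is the part a detection rule most often gets wrong and is also the test an application-side fix would need to apply before redirecting.

```python
"""Detect open-redirect abuse of /find_v2/_click via the _t_redirect parameter.

Added example for CVE-2020-24550 style detection; not part of the advisory,
the product, or the Nuclei template. All sample data below is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Hosts the site legitimately redirects to (assumption for this example).
TRUSTED_HOSTS = {"www.example.com"}

# Constructed combined-log-format lines: one benign click-tracking redirect,
# three attack variants (encoded absolute URL, scheme-relative, relative path
# which is benign), and one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:12:00:01 +0000] "GET /find_v2/_click?_t_id=abc&_t_q=shoes&_t_redirect=https%3A%2F%2Fwww.example.com%2Fproducts%2F42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2021:12:00:02 +0000] "GET /find_v2/_click?_t_id=abc&_t_q=shoes&_t_redirect=https%3A%2F%2Fattacker.example%2Flogin HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2021:12:00:03 +0000] "GET /find_v2/_click?_t_redirect=%2F%2Fattacker.example%2F HTTP/1.1" 302 0 "-" "curl/7.68.0"
203.0.113.9 - - [10/Mar/2021:12:00:04 +0000] "GET /find_v2/_click?_t_redirect=%2Faccount%2Fprofile HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.2 - - [10/Mar/2021:12:00:05 +0000] "GET /search?q=shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def redirect_host(value):
    """Return the host a browser would land on for a redirect target, or None
    for a plain same-site path. `value` is the once-decoded parameter, i.e.
    what the server sees; do not decode again or %252F%252F-style double
    encoding would be mis-classified."""
    v = value.strip().replace("\\", "/")  # browsers treat /\host like //host
    if v.startswith("//"):
        v = "http:" + v                    # scheme-relative -> absolute
    parts = urlsplit(v)
    if parts.scheme and not parts.netloc:
        # "https:attacker.example": special schemes without // still resolve
        # to a host in browsers, so report the leading path segment as host.
        return parts.path.split("/")[0].lower() or parts.scheme
    # Strip userinfo ("www.example.com@attacker.example") and port.
    host = parts.netloc.rsplit("@", 1)[-1].split(":")[0].lower()
    return host or None


def is_external_redirect(value, trusted_hosts):
    """True when the target leaves the site or points at an untrusted host."""
    host = redirect_host(value)
    return host is not None and host not in trusted_hosts


def scan_log(log_text, trusted_hosts):
    """Request-side rule: GET /find_v2/_click with an off-site _t_redirect."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if "/find_v2/_click" not in target.path.lower():
            continue
        for value in parse_qs(target.query).get("_t_redirect", []):
            if is_external_redirect(value, trusted_hosts):
                hits.append({
                    "ip": m.group("ip"),
                    "status": int(m.group("status")),
                    "redirect": value,
                    "host": redirect_host(value),
                })
    return hits


def suspicious_response(status, location, trusted_hosts):
    """Response-side rule: a redirect whose Location leaves the site. The
    source cites 301; any 3xx is accepted here because the status a redirect
    handler emits varies between deployments."""
    return (300 <= status < 400 and location is not None
            and is_external_redirect(location, trusted_hosts))


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, TRUSTED_HOSTS):
        print(f"{hit['ip']} -> {hit['host']} (HTTP {hit['status']}): {hit['redirect']}")
```

Run against the constructed log the scanner flags the two requests to attacker.example (the encoded absolute URL and the scheme-relative form) and ignores both the trusted-host redirect and the relative path. The same `is_external_redirect` test applied to a captured `Location` header gives the response-side confirmation.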
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
No detection rules found.
Nuclei
CVE-2020-24550 [MEDIUM] EpiServer Find <13.2.7 - Open Redirect (nuclei · CVSS 6.1)
EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
Template (truncated on this page):
```yaml
id: CVE-2020-24550

info:
  name: EpiServer Find <13.2.7 - Open Redirect
  author: dhiyaneshDK
  severity: medium
  description: EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit t
```
Published: 2021-03-31