CVE-2023-5375
Published 2023-10-04
CVE-2023-5375: Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
Priority: P3 · 49 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 33.63% (98.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mosparo | mosparo | < 1.0.2 | 1.0.2 |
| mosparo | mosparo_mosparo | >= unspecified < 1.0.2 | 1.0.2 |
CVSS provenance
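| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |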
No detection rules found.
Nuclei
Mosparo < 1.0.2 - Open Redirect
nuclei·CVSS 6.1
CVE-2023-5375 [MEDIUM] Mosparo < 1.0.2 - Open Redirect
Template:
```yaml
id: CVE-2023-5375

info:
  name: Mosparo < 1.0.2 - Open Redirect
  author: shankaracharya
  severity: medium
  description: |
    Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
  impact: |
    Unauthenticated attackers can exploit open redirect through the targetPath parameter to redirect users to malicious websites for phishing attacks.
  remediation: Update to the latest version of mosparo.
  reference:
    - https://huntr.dev/bounties/3fa2abde-cb58-45a3-a115-1727ece9acb9
    - https://nvd.nist.gov/vuln/detail/CVE-2023-5375
    - https://github.com/mosparo/mosparo/commit/9d5da367b78b8c883bfef5f332ffea26292f99e8
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: C
```
Published: 2023-10-04