Vulnerability Description
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Posh Project | Posh | >= 3.0, <= 3.2.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2014/q1/444 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/65843 (Third Party Advisory, VDB Entry)
- https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2014-2213?
CVE-2014-2213 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the...
How severe is CVE-2014-2213?
CVE-2014-2213 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-2213?
Check the references section above for vendor advisories and patch information. Affected products include: Posh Project Posh.