Vulnerability Description
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpbb | Phpbb | <= 3.0.14 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/05/12/10Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/74592Third Party AdvisoryVDB Entry
- https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04PatchThird Party Advisory
- https://wiki.phpbb.com/Release_Highlights/3.0.14Third Party Advisory
- https://wiki.phpbb.com/Release_Highlights/3.1.4Third Party Advisory
- https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941Vendor Advisory
- http://www.openwall.com/lists/oss-security/2015/05/12/10Mailing ListPatchThird Party Advisory
- http://www.securityfocus.com/bid/74592Third Party AdvisoryVDB Entry
- https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04PatchThird Party Advisory
- https://wiki.phpbb.com/Release_Highlights/3.0.14Third Party Advisory
- https://wiki.phpbb.com/Release_Highlights/3.1.4Third Party Advisory
- https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941Vendor Advisory
FAQ
What is CVE-2015-3880?
CVE-2015-3880 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified...
How severe is CVE-2015-3880?
CVE-2015-3880 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3880?
Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Phpbb.