Vulnerability Description
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trueconf | Server | < 5.0.2 |
Related Weaknesses (CWE)
References
- https://vuldb.com/?id.96633Permissions RequiredThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/41184/ExploitThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.96633Permissions RequiredThird Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/41184/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-20119?
CVE-2017-20119 is a vulnerability with a CVSS score of 3.5 (LOW). A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url le...
How severe is CVE-2017-20119?
CVE-2017-20119 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-20119?
Check the references section above for vendor advisories and patch information. Affected products include: Trueconf Server.