CVE-2014-1750
Nokia Maps & Places < 1.6.7 - Open Redirect
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate.
Vulnerabilidad de redirección abierta en nokia-mapsplaces.php en el plugin Nokia Maps & Places 1.6.6 para WordPress permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL en el parámetro href en page/place.html. NOTA: esto se reportó originalmente como una vulnerabilidad de XSS, pero puede ser impreciso.
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-20 CVE Published
- 2014-01-29 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2014/q1/181 | Mailing List |
|
| http://www.securityfocus.com/bid/65226 | Vdb Entry | |
| https://plugins.trac.wordpress.org/browser/nokia-mapsplaces/trunk/nokia-mapsplaces.php?rev=841883 | X_refsource_confirm | |
| https://plugins.trac.wordpress.org/browser/nokia-mapsplaces/trunk/nokia-mapsplaces.php?rev=842384 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| http://seclists.org/oss-sec/2014/q1/173 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nokia Maps \& Places Project Search vendor "Nokia Maps \& Places Project" | Nokia Maps \& Places Search vendor "Nokia Maps \& Places Project" for product "Nokia Maps \& Places" | 1.6.6 Search vendor "Nokia Maps \& Places Project" for product "Nokia Maps \& Places" and version "1.6.6" | wordpress |
Affected
| ||||||