CVE-2015-5062

SilverStripe CMS 3.1.13 XSS / Open Redirect

Severity Score

5.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.

Vulnerabilidad de la redirección abierta en SilverStripe CMS & Framework 3.1.13 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro returnURL en dev/build.

SilverStripe CMS version 3.1.13 suffers from open redirection and cross site scripting vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv2 5.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-06-08 CVE Published
2015-06-24 CVE Reserved
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (4)

URL	Tag	Source
http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt	X_refsource_misc
http://www.securityfocus.com/archive/1/535716/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/75419	Vdb Entry

URL	Date	SRC
http://packetstormsecurity.com/files/132223/SilverStripe-CMS-3.1.13-XSS-Open-Redirect.html	2024-08-06

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Silverstripe Search vendor "Silverstripe"		Silverstripe Search vendor "Silverstripe" for product "Silverstripe"				3.1.13 Search vendor "Silverstripe" for product "Silverstripe" and version "3.1.13"		-		Affected