CVE-2018-1000671
CVE-2018-1000671 is a vulnerability of currently unknown severity. Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. EPSS estimates a 3.98% chance of exploitation in the next 30 days.
Description
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. The attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. No fixed version appears to be available.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sympa | Sympa | >= 6.2.16 |
| Debian | Debian Linux | 8.0 |
References
- https://github.com/sympa-community/sympa/issues/268 (Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html (Mailing List, Third Party Advisory)
Source: NVD / NIST
