Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-4032
Last Modified: 01 Aug 2012 12:00:00
Published: 17 Jul 2012 05:55:02
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4032

Summary

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx.

Vulnerable Systems

Application

  • WebsitePanel 1.0.0
  • WebsitePanel 1.0.1
  • WebsitePanel 1.0.2
  • WebsitePanel 1.1.0
  • WebsitePanel 1.1.2
  • WebsitePanel 1.2.0
  • WebsitePanel 1.2.1


References

XF - websitepanel-returnurl-open-redirect(76803)

BID - 54346

CONFIRM - http://websitepanel.codeplex.com/workitem/224

SECUNIA - 49813

MISC - http://packetstormsecurity.org/files/114541/WebsitePanel-CMS-Open-Redirect.html

OSVDB - 83689


Last Updated: 27 May 2016 10:57:33