CVE-2008-2951
MEDIUMTrac < 0.10.5 - Open Redirect via Search Script q Parameter
Title source: llmDescription
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
References (8)
Core 8
Core References
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/46513
Mailing List vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
Mailing List vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30402
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31314
Broken Link x_refsource_misc
http://holisticinfosec.org/content/view/72/45/
Release Notes x_refsource_confirm
http://trac.edgewall.org/wiki/ChangeLog
Scores
CVSS v3
6.1
EPSS
0.0183
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (4)
edgewall/trac
< 0.10.5
fedoraproject/fedora
8
fedoraproject/fedora
9
pypi/trac
0 - 0.10.5PyPI
Published
Jul 27, 2008
Tracked Since
Feb 18, 2026