CVE-2011-4553

One Click Orgs < 1.2.3 - Open Redirect via Return_to Parameter

Title source: llm
STIX 2.1

Description

Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 allow (1) remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the return_to parameter, and allow (2) remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain.

References (2)

Core 2
Core References
Various Sources x_refsource_misc
http://dmcdonald.net/?page_id=43

Scores

EPSS 0.0103
EPSS Percentile 59.8%

Details

CWE
CWE-20
Status published
Products (7)
oneclickorgs/one_click_orgs 1.0.0
oneclickorgs/one_click_orgs 1.0.1
oneclickorgs/one_click_orgs 1.1.0
oneclickorgs/one_click_orgs 1.1.1
oneclickorgs/one_click_orgs 1.2.0
oneclickorgs/one_click_orgs 1.2.1
oneclickorgs/one_click_orgs < 1.2.2
Published Dec 06, 2011
Tracked Since Feb 18, 2026