CVE-2014-2213
MEDIUM
POSH 3.0-3.2.1 - Open Redirect via Password Reset Redirect Parameter
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.
References (3)
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/oss-sec/2014/q1/444
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/65843
Exploit, Third Party Advisory x_refsource_misc
https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/
Scores
CVSS v3
6.1
EPSS
0.0144
EPSS Percentile
69.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
posh_project/posh
3.0 - 3.2.1
Published
Nov 22, 2019
Tracked Since
Feb 18, 2026