CVE-2015-4668

MEDIUM NUCLEI

Xceedium Xsuite - Open Redirect via redirurl Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4668. PoCs published by modzero. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a detailed security advisory describing multiple vulnerabilities in Xceedium Xsuite, including command injection, XSS, directory traversal, privilege escalation, and hard-coded credentials. It provides proof-of-concept HTTP requests and code snippets to demonstrate the vulnerabilities.

Description

Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.

Exploits (1)

exploitdb WRITEUP
by modzero · text · webapps · php
https://www.exploit-db.com/exploits/37708

Classification
Writeup 100%
Attack Type: RCE | XSS | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Xceedium Xsuite 2.3.0, 2.4.3.0
No auth needed
Prerequisites: Network access to the Xsuite web interface · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Xsuite <=2.4.4.5 - Open Redirect
MEDIUM · by 0x_Akoko

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536058/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37708/

Scores

CVSS v3 6.1
EPSS 0.0420
EPSS Percentile 89.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-601
Status published
Products (2)
xceedium/xsuite 2.3.0
xceedium/xsuite 2.4.3.0
Published Sep 25, 2017
Tracked Since Feb 18, 2026