CVE-2015-5354

NUCLEI

Novius OS 5.0.1 - Open Redirect via Login Redirect Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5354. PoCs published by hyp3rlinx. A Nuclei detection template is also available.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Novius-OS 5.0.1-elche, including persistent XSS via 'media_title' and 'menu_title' fields, LFI via the 'tab' parameter, and an open redirect via the 'redirect' parameter. The document provides proof-of-concept URLs and steps to exploit these issues.

Description

Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.

Exploits (1)

exploitdb WRITEUP
by hyp3rlinx · textwebappsphp
https://www.exploit-db.com/exploits/37439

This advisory details multiple vulnerabilities in Novius-OS 5.0.1-elche, including persistent XSS via 'media_title' and 'menu_title' fields, LFI via the 'tab' parameter, and an open redirect via the 'redirect' parameter. The document provides proof-of-concept URLs and steps to exploit these issues.

Classification
Writeup 90%
Attack Type
Xss | Info Leak | Other
Complexity
Trivial
Reliability
Reliable
Target: Novius-OS 5.0.1-elche
Auth required
Prerequisites: Access to admin panel · Valid session for XSS exploitation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Novius OS 5.0.1-elche - Open Redirect
MEDIUMby 0x_Akoko

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535876/100/0/threaded
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37439/

Scores

EPSS 0.2180
EPSS Percentile 95.9%

Details

CWE
CWE-601
Status published
Products (1)
novius-os/novius_os 5.0.1
Published Jul 01, 2015
Tracked Since Feb 18, 2026