CVE-2017-1000163

MEDIUM NUCLEI

Phoenix Framework <1.0.4, 1.1.6, 1.2.2, 1.3.0-rc.0 - Open Redirect

Title source: llm

Description

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.

Nuclei Templates (1)

Phoenix Framework - Open Redirect

MEDIUMby 0x_Akoko

References (1)

[Mitigation, Third Party Advisory] https://elixirforum.com/t/security-releases-for-phoenix/4143

Scores

CVSS v3 6.1

EPSS 0.0179

EPSS Percentile 82.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (16)

Hex/phoenix 0 - 1.0.6Hex

phoenixframework/phoenix 1.0.0

phoenixframework/phoenix 1.0.1

phoenixframework/phoenix 1.0.2

phoenixframework/phoenix 1.0.3

phoenixframework/phoenix 1.0.4

phoenixframework/phoenix 1.1.0

phoenixframework/phoenix 1.1.1

phoenixframework/phoenix 1.1.2

phoenixframework/phoenix 1.1.3

... and 6 more

Published Nov 17, 2017

Tracked Since Feb 18, 2026