CVE-2019-10721
MEDIUMBlogEngine.NET 3.3.7.0 - Open Redirect via ReturnUrl Parameter
Title source: llmDescription
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/rxtur/BlogEngine.NET/commits/master
Exploit, Patch, Third Party Advisory x_refsource_misc
https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
Scores
CVSS v3
6.1
EPSS
0.0097
EPSS Percentile
57.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
dotnetblogengine/blogengine.net
3.3.7.0
Published
Jul 03, 2019
Tracked Since
Feb 18, 2026