Required CVE Record Information
Description
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- http://seclists.org/oss-sec/2014/q1/444 x_transferred
- http://www.securityfocus.com/bid/65843 x_transferred
- https://sysdream.com/news/lab/posh-3-2-1-multiple-vulnerabilities/ x_transferred