漏洞标题
N/A
漏洞描述信息
在Open-Xchange OX AppSuite 7.8.0-rev27之前发现了一个问题。 "defer"servlet提供了一个将客户端重定向到指定URL的功能。由于一些检查缺失,可以提供一个任意的URL作为重定向目标。用户可以被误导跟随一个可靠的域名链接,但最终会访问一个意想不到的服务。这个漏洞可以用来准备和增强钓鱼攻击。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Open-Xchange OX App Suite安全漏洞
漏洞描述信息
Open-Xchange OX App Suite是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 Open-Xchange OX App Suite 7.8.0-rev27之前的版本中存在安全漏洞。攻击者可利用该漏洞发起钓鱼攻击。
CVSS信息
N/A
漏洞类别
授权问题