CVE-2021-39425

Published: Jul 20, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

Affected (1)

Products: Seeddms: Seeddms

Seeddms

1 product

Seeddms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Seeddms Seeddms	Version 6.0.15

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

https://medium.com/%40rohitgautam26/cve-2021-39425-8a336eba34dd

Source: cve@mitre.org

https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect

Source: cve@mitre.org

Third Party Advisory

https://medium.com/%40rohitgautam26/cve-2021-39425-8a336eba34dd

Source: af854a3a-2127-422b-91ae-364da2661108

https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.