Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
An open redirect vulnerability exists in CERT/CC VINCE software prior to version 1.50.0
Vulnerability Description
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.
CVSS Information
N/A
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
VINCE 输入验证错误漏洞
Vulnerability Description
VINCE是美国CERT Coordination Center开源的一个 CERT 协调中心开发和使用的漏洞信息和协调环境。用于改进协调的漏洞披露。 VINCE 1.5.0之前版本存在输入验证错误漏洞,攻击者利用该漏洞可以发送具有特制 URL 的链接并诱使用户单击该链接,当经过身份验证的用户单击该链接时,用户的浏览器可能会被重定向到恶意网站。
CVSS Information
N/A
Vulnerability Type
N/A