SPIP < 4.4.5 Open Redirect via Login Form

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

指向未可信站点的URL重定向(开放重定向)

SPIP 输入验证错误漏洞

SPIP是SPIP开源的一个用于创建 Internet 站点的免费软件。 SPIP 4.4.5之前版本和4.3.9之前版本存在输入验证错误漏洞，该漏洞源于AJAX模式下的登录表单存在开放重定向，可能导致重定向到任意外部站点。

N/A

N/A