PT-2019-12011 · Blogengine · Blogengine.Net

Published

2019-07-03

Updated

2019-07-10

CVE-2019-10721

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions BlogEngine.NET version 3.3.7.0

Description The issue allows for a Client Side URL Redirect via the ReturnUrl parameter. This is related to the files Security.cs, login.aspx, and register.aspx in the BlogEngine/BlogEngine.Core/Services/Security directory.

Recommendations For BlogEngine.NET version 3.3.7.0, consider restricting access to the ReturnUrl parameter in login.aspx and register.aspx to minimize the risk of exploitation. Avoid using the ReturnUrl parameter in these pages until the issue is resolved.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2019-10721

Affected Products

Blogengine.Net

PT-2019-12011 · Blogengine · Blogengine.Net

CVE-2019-10721

Weakness Enumeration

Related Identifiers

Affected Products

References · 4