CVE-2019-1010290

moderate-risk
Published 2019-07-16

Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing.

Do I need to act?

!
24.4% chance of exploitation in next 30 days
EPSS score — higher than 76% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Cmsmadesimple

References (4)

Product http://dev.cmsmadesimple.org/project/files/729
Exploit https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-bab...
Product http://dev.cmsmadesimple.org/project/files/729
Exploit https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-bab...
43
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal