CVE-2015-5062
Silverstripe CMS Open Redirect
EPSS 0.35%
Description
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build.
How to fix CVE-2015-5062
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Packagist/silverstripe/cms: no fix listed
- Packagist/silverstripe/framework: no fix listed
Is CVE-2015-5062 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Packagist/silverstripe/cms: from 0, <= 3.1.13
- Packagist/silverstripe/framework: from 0, <= 3.1.13