CVE-2011-5252

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
orchardprojectorchard
1.0
orchardprojectorchard
1.0.20
orchardprojectorchard
1.1
orchardprojectorchard
1.1.30
orchardprojectorchard
1.2
orchardprojectorchard
1.2.41
orchardprojectorchard
1.3
orchardprojectorchard
1.3.9
orchardprojectorchard
1.3.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html
http://orchard.codeplex.com/discussions/283667
http://secunia.com/advisories/47398
http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/
http://www.securityfocus.com/bid/51260
https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
http://archives.neohapsis.com/archives/bugtraq/2012-01/0023.html
http://orchard.codeplex.com/discussions/283667
http://secunia.com/advisories/47398
http://www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/
http://www.securityfocus.com/bid/51260
https://exchange.xforce.ibmcloud.com/vulnerabilities/72110