6.1

CVE-2015-3880

Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
PhpbbPhpbb Updaterc1 Version <= 3.0.14
PhpbbPhpbb Version3.1.0
PhpbbPhpbb Version3.1.0 Updatea1
PhpbbPhpbb Version3.1.0 Updatea2
PhpbbPhpbb Version3.1.0 Updatea3
PhpbbPhpbb Version3.1.0 Updateb1
PhpbbPhpbb Version3.1.0 Updateb2
PhpbbPhpbb Version3.1.0 Updateb3
PhpbbPhpbb Version3.1.0 Updateb4
PhpbbPhpbb Version3.1.0 Updaterc1
PhpbbPhpbb Version3.1.0 Updaterc2
PhpbbPhpbb Version3.1.0 Updaterc3
PhpbbPhpbb Version3.1.0 Updaterc4
PhpbbPhpbb Version3.1.0 Updaterc5
PhpbbPhpbb Version3.1.0 Updaterc6
PhpbbPhpbb Version3.1.1
PhpbbPhpbb Version3.1.2
PhpbbPhpbb Version3.1.2 Updaterc1
PhpbbPhpbb Version3.1.3
PhpbbPhpbb Version3.1.3 Updaterc1
PhpbbPhpbb Version3.1.3 Updaterc2
PhpbbPhpbb Version3.1.4 Updaterc1
PhpbbPhpbb Version3.1.4 Updaterc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.71% 0.713
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

http://www.openwall.com/lists/oss-security/2015/05/12/10
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/74592
Third Party Advisory
VDB Entry