Open-AudIT Professional 2.1 Open Redirect Vulnerability

Open-AudIT Professional 2.1 Open Redirect Vulnerability

CVE-2018-8937 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.

Learn more about our Web Application Penetration Testing UK.