CVE-2014-7292
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.8
Description
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- http://packetstormsecurity.com/files/128749/Newtelligence-dasBlog-2.3-Open-Redirect.html
- http://seclists.org/fulldisclosure/2014/Oct/91
- http://www.securityfocus.com/bid/70654
- http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97667
- http://packetstormsecurity.com/files/128749/Newtelligence-dasBlog-2.3-Open-Redirect.html
- http://seclists.org/fulldisclosure/2014/Oct/91
- http://www.securityfocus.com/bid/70654
- http://www.tetraph.com/blog/cves/cve-2014-7292-newtelligence-dasblog-open-redirect-vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97667
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.