CVE-2014-10030 - Unspecified vulnerability in Fluxbb

Summary

Open redirect vulnerability in forums/login.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

Risk level (CVSS 5.8)

Medium

5.8

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

External references

http://fluxbb.org/forums/viewtopic.php?id=8001
https://fluxbb.org/development/core/tickets/961/

Related CVE

Date	CVE	Title	CVSS
2015-01-13	CVE-2014-10029	SQL Injection vulnerability in Fluxbb	7.5