Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from parameter, aka ZEN-11998.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zenoss_core | Zenoss | 3.0.2 | 3.0.2 |
Zenoss_core | Zenoss | 2.4.0 | 2.4.0 |
Zenoss_core | Zenoss | 3.1.0 | 3.1.0 |
Zenoss_core | Zenoss | 2.5.2 | 2.5.2 |
Zenoss_core | Zenoss | 3.2.1 | 3.2.1 |
Zenoss_core | Zenoss | 4.2.4 | 4.2.4 |
Zenoss_core | Zenoss | 2.4.5 | 2.4.5 |
Zenoss_core | Zenoss | 2.5.0 | 2.5.0 |
Zenoss_core | Zenoss | 2.5.1 | 2.5.1 |
Zenoss_core | Zenoss | 3.2.0 | 3.2.0 |
Zenoss_core | Zenoss | 4.2.3 | 4.2.3 |
Zenoss_core | Zenoss | 3.0.0 | 3.0.0 |
Zenoss_core | Zenoss | 3.0.1 | 3.0.1 |
Zenoss_core | Zenoss | * | 4.2.5 |
Zenoss_core | Zenoss | 4.2.0 | 4.2.0 |
Zenoss_core | Zenoss | 3.0.3 | 3.0.3 |