What the vulnerability does
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in flexmls Flexmls® IDX flexmls-idx allows Phishing. This issue affects Flexmls® IDX: from n/a through <= 3.15.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Flexmls IDX versions 3.15.7 and earlier contain an open redirect vulnerability. An attacker can craft a malicious link that redirects users to an external website after they interact with the application. The vulnerability requires user interaction and has limited confidentiality impact. Update to a version newer than 3.15.7 to remediate.
What an attacker can do
Redirect users to a malicious external website via a crafted link.
Potential impact on your site
Users may be redirected away from your site to phishing or malware sites if they click attacker-controlled links.
Conditions required to exploit
User must click a malicious link or visit a page containing the redirect.