CVE-2021-24288
N/A
N/A
Summary
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AcyMailing | Newsletter via SMTP, Sendinblue, Sendgrid, Mailgun - AcyMailing SMTP Newsletter | 7.5.0 < 7.5.0 | affected |
Weaknesses
- CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.