CVE-2015-3880: URL Redirection to Untrusted Site ('Open Redirect')
(updated )
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
- www.openwall.com/lists/oss-security/2015/05/12/10
- github.com/advisories/GHSA-hwq7-cvp8-6hm3
- github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
- github.com/phpbb/phpbb/commit/c1702b8e19a69c98ef049abb4e14157e3e208ed4
- nvd.nist.gov/vuln/detail/CVE-2015-3880
- web.archive.org/web/20170520103544/http://www.securityfocus.com/bid/74592
- wiki.phpbb.com/Release_Highlights/3.0.14
- wiki.phpbb.com/Release_Highlights/3.1.4
- www.phpbb.com/community/viewtopic.php?f=14&t=2313941
Code Behaviors & Features
Detect and mitigate CVE-2015-3880 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →