Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.
Exploitability
AV:NAC:LAT:NPR:NUI:AVulnerable System
VC:NVI:NVA:NSubsequent System
SC:LSI:NSA:N5.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:NInput Validation