Description

Acunetix has detected that the web application is based on Bitrix. This version of Bitrix has an open redirect vulnerability.

Open redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting.

Remediation

Upgrade to the latest version of Bitrix

References

Unvalidated Redirects and Forwards Cheat Sheet

Related Vulnerabilities

Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609)

Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22903)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Open Redirect (2.0.5)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.26)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Open Redirect (2.0.19)

Severity

Medium

Classification

CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Url Redirection