daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-24165.yaml

patch-1
Ritik Chaddha 2022-08-10 13:38:03 +05:30 committed by GitHub
parent ae5f2a6946
commit f7da7ce798
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2021/CVE-2021-24165.yaml
View File

@ -3,10 +3,12 @@ id: CVE-2021-24165
info: info:
name: Ninja Forms < 3.4.34 - Administrator Open Redirect name: Ninja Forms < 3.4.34 - Administrator Open Redirect
author: dhiyaneshDk,daffainfo author: dhiyaneshDk,daffainfo
severity: low severity: medium
description: The wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. description: |
The wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
reference: reference:
- https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818 - https://wpscan.com/vulnerability/6147acf5-e43f-47e6-ab56-c9c8be584818
- https://nvd.nist.gov/vuln/detail/CVE-2021-24165
tags: wordpress,redirect,wp-plugin,ninjaform,authenticated,wp tags: wordpress,redirect,wp-plugin,ninjaform,authenticated,wp
requests: requests: