id: CVE-2013-2621 info: name: Telaen => v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. remediation: | Upgrade to the latest version of Telaen to fix the open redirect vulnerability. reference: - https://www.exploit-db.com/exploits/38546 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84683 - https://nvd.nist.gov/vuln/detail/CVE-2013-2621 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2013-2621 cwe-id: CWE-601 epss-score: 0.03563 epss-percentile: 0.90558 cpe: cpe:2.3:a:telaen_project:telaen:*:*:*:*:*:*:*:* metadata: max-request: 2 vendor: telaen_project product: telaen tags: cve,cve2012,telaen,redirect http: - method: GET path: - "{{BaseURL}}/telaen/redir.php?https://interact.sh" - "{{BaseURL}}/redir.php?https://interact.sh" stop-at-first-match: true matchers-condition: and matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' # digest: 4a0a00473045022100952cf1d579fa7c04054852d96a993fb131ff0237c6115d37c5d363556911b5b90220065f2597ef32f6062f49e84991e69b464b31f98a05bba96f584b8de39747735a:922c64590222798bb761d5b6d8e72950