CVE-2023-33405

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 21, 2023

Updated: Jun 28, 2023

CWE ID 601

Summary

CVE-2023-33405 is a newly discovered vulnerability affecting Blogengine.net version 3.3.8.0 and earlier. This issue allows an attacker to execute an open redirect, manipulating the URLs in a way that can redirect users to malicious websites. As a result, user sessions can be hijacked, and sensitive information can be stolen. Users are strongly urged to upgrade to the latest version of Blogengine.net to mitigate this risk. Failure to do so may result in unauthorized access and data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ruG_mD
https://www.cve.org/CVERecord?id=CVE-2023-33405
https://nvd.nist.gov/vuln/detail/CVE-2023-33405

Back to Vulnerability Database

CVE-2023-33405

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations