Description
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.
Remediation
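The advisory describes redirect targets taken directly from the `r` and `goto` request parameters. The sketch below is an added example, not CubeCart code or the vendor's fix: it shows one way to restrict such a parameter to same-site paths before it reaches a `Location` header. The function name `safe_redirect_target`, the fallback path, and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return $target only if it is a rooted, same-site path; otherwise $fallback.
 * Hypothetical helper for illustration; not part of CubeCart.
 */
function safe_redirect_target(?string $target, string $fallback = '/index.php'): string
{
    if ($target === null || $target === '') {
        return $fallback;
    }
    // Reject control characters (header splitting, tabs/newlines that browsers
    // strip) and backslashes, which browsers treat like forward slashes.
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target) === 1) {
        return $fallback;
    }
    // Accept only one leading slash: "/path" is local, "//host" is not.
    if ($target[0] !== '/' || strncmp($target, '//', 2) === 0) {
        return $fallback;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs: one legitimate path, then values that must fall back.
$samples = [
    '/admin/index.php?page=orders',
    'http://phish.example/login',
    '//phish.example/login',
    '/\\phish.example/login',
    "/ok\r\nSet-Cookie: x=1",
    'javascript:alert(1)',
    '',
];
foreach ($samples as $s) {
    printf("%-36s => %s\n", json_encode($s), safe_redirect_target($s));
}

// Intended use (check is_string() first, since a query parameter can be an array):
// header('Location: ' . safe_redirect_target($goto));
```

Only the first sample is returned unchanged; every other value resolves to the fallback path.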
References