The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
References
Link | Resource |
---|---|
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25 | Not Applicable |
https://www.twcert.org.tw/tw/cp-132-4926-dc06b-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-07-19T00:00:00
Updated: 2021-07-19T11:55:43
Reserved: 2021-06-30T00:00:00
Link: CVE-2021-35966
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-19T12:15:08.573
Modified: 2021-07-28T12:48:22.047
Link: CVE-2021-35966
JSON object: View
Redhat Information
No data.
CWE