Ksenia Security Lares URL Redirection Vulnerability

Vulnerability

A URL redirection vulnerability has been identified in Ksenia Security Lares version 4.0, specifically in the 'cmdOk.xml' script. An attacker can manipulate the 'redirectPage' GET parameter to create malicious links that redirect authenticated users to arbitrary websites. Exploitation occurs when a user clicks one of these crafted links, which are hosted on trusted domains.

Impact

Exploitation of this vulnerability could lead to unauthorized redirection of users to malicious websites, potentially causing phishing or other spoofing-related attacks.

Reproduction

To reproduce this vulnerability, send a request to the 'cmdOk.xml' script with the 'redirectPage' parameter set to a URL of an arbitrary website. This can be done by clicking on a link hosted on a trusted domain that points to the affected script with the manipulated parameter.
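
A detection sketch for the request pattern described above, added here as an example and not taken from the advisory or the vendor: it scans web access-log lines for 'cmdOk.xml' requests whose 'redirectPage' value leaves the device. The log format (a reverse proxy in front of the panel), the sample lines, the host names and the premise that legitimate values are relative paths are all assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (assumed proxy log format, not device output).
SAMPLE_LOG = """\
10.0.0.5 - - [30/Dec/2025:10:00:01 +0000] "GET /cmdOk.xml?redirectPage=/index.html HTTP/1.1" 200
10.0.0.7 - - [30/Dec/2025:10:02:13 +0000] "GET /cmdOk.xml?redirectPage=https://example.invalid/login HTTP/1.1" 200
10.0.0.7 - - [30/Dec/2025:10:02:40 +0000] "GET /cmdOk.xml?redirectPage=%2F%2Fexample.invalid%2F HTTP/1.1" 200
10.0.0.9 - - [30/Dec/2025:10:03:00 +0000] "GET /status.xml?redirectPage=https://example.invalid/ HTTP/1.1" 200
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def is_offsite(target, trusted_hosts=frozenset()):
    """True when a redirect target would take the browser off the device."""
    # Browsers treat backslashes as slashes, so "/\host" behaves like "//host".
    parts = urlsplit(target.strip().replace("\\", "/"))
    if parts.scheme and parts.scheme not in ("http", "https"):
        return True  # non-web scheme: never a legitimate page on the panel
    if parts.hostname is None:
        return False  # relative path, stays on the requested host
    return parts.hostname.lower() not in trusted_hosts


def find_offsite_redirects(log_text, trusted_hosts=frozenset()):
    """Return (line_number, decoded_target) for each suspicious cmdOk.xml request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/cmdok.xml"):
            continue
        # parse_qs percent-decodes values, so encoded "//host" forms are caught too.
        for target in parse_qs(url.query).get("redirectPage", []):
            if is_offsite(target, trusted_hosts):
                hits.append((lineno, target))
    return hits


if __name__ == "__main__":
    for lineno, target in find_offsite_redirects(SAMPLE_LOG):
        print(f"line {lineno}: off-site redirectPage -> {target}")
```

The same allowlist check (relative paths or known hosts only) is what a filtering proxy in front of the panel would apply before forwarding such a request.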

Added: Dec 30, 2025, 11:20 PM
Updated: Dec 30, 2025, 11:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 7.7
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.