An issue exists in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
embedthis goahead 2.5.0 |