Security Advisory

CVE-2019-16645

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-20 18:24:15

Last updated 2024-08-05 01:17:41

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.

← Browse all CVEs View on cve.org ↗