What is CVE-2020-24550?

CVE-2020-24550 is a vulnerability in N/a. Published 2021-03-31.

Is CVE-2020-24550 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-24550

An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL.

EPSS: 0.659 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
d4n-sec/d4n-sec.github.io
youcans896768/APIV_

References

labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-24550?: CVE-2020-24550 is a vulnerability in N/a. Published 2021-03-31.
Is CVE-2020-24550 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.