| Название | TOTVS Portal Meu RH 12.1.17 Open Redirect combined with phishing in password reset |
|---|
| Описание | An Open Redirect vulnerability in the password recovery flow of the TOTVS Meu RH Portal platform allows attackers to manipulate the redirectUrl parameter, causing the application to send legitimate emails that redirect users to malicious external domains, enabling highly convincing phishing attacks. |
|---|
| Источник | ⚠️ https://drive.google.com/file/d/1iorjSJ8gh3hTDZUy1fHyV-TJXFP43yIo/view?usp=sharing |
|---|
| Пользователь | Trenshyiavv (UID 86876) |
|---|
| Представление | 17.08.2025 04:54 (10 месяцы назад) |
|---|
| Модерация | 19.08.2025 19:14 (3 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 320579 [TOTVS Portal Meu RH до 12.1.17 Password Reset redirectUrl Redirect] |
|---|
| Баллы | 17 |
|---|