Unrated severityNVD Advisory· Published Jan 12, 2013· Updated Apr 29, 2026

CVE-2011-5252

Description

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

Affected products

Orchardproject/Orchard9 versions
cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.1.30:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.2.41:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:orchardproject:orchard:1.3.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2012-01/0023.htmlnvdExploit
www.mavitunasecurity.com/open-redirection-vulnerability-in-orchard/nvdExploit
www.securityfocus.com/bid/51260nvdExploit
secunia.com/advisories/47398nvdVendor Advisory
orchard.codeplex.com/discussions/283667nvd
exchange.xforce.ibmcloud.com/vulnerabilities/72110nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.014
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000