URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
References
Configurations
No configuration.
History
01 Nov 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-601 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
Summary |
|
15 Feb 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-15 05:15
Updated : 2024-11-01 21:35
NVD link : CVE-2024-25559
Mitre link : CVE-2024-25559
CVE.ORG link : CVE-2024-25559
JSON object : View
Products Affected
No product.
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')