216.73.216.67

CVE-2024-1240

· Published 15/11/2024 11:15 · Modified 19/11/2024 19:04

Labels: CVE-2024-1240 2024-11-15CVE-2024-1240CWE-601[email protected]

Essential information

Published
15/11/2024 11:15
Modified
19/11/2024 19:04
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
pyload / pyload cpe:2.3:a:pyload:pyload:0.5.0:*:*:*:*:*:*:*

References