87 matches found
SickChill - Open Redirect
SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...
CVE-2026-45307
Speakr prior to 0.8.20-alpha is vulnerable to an open redirect via the is_safe_url() helper. The validation used urljoin(request.host_url, target) before parsing, so a scheme-relative input like ////evil.com is resolved to a same-host URL during validation but is emitted verbatim in the Location ...
PT-2026-41962
Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...
CVE-2026-41513
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
CVE-2026-41513 Horilla: Open Redirect via Unvalidated `next` Parameter in Notification Endpoints
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
PT-2026-40245
Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects...
wger: trainer_login open redirect - ?next= parameter not validated against host
Summary The trainerlogin view in wger redirects to request.GET'next' directly via HttpResponseRedirect without calling urlhasallowedhostandscheme. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in the ?next= parameter,...
GHSA-VQV8-J3MJ-WJXJ wger: trainer_login open redirect - ?next= parameter not validated against host
Summary The trainerlogin view in wger redirects to request.GET'next' directly via HttpResponseRedirect without calling urlhasallowedhostandscheme. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in the ?next= parameter,...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the trainerlogin function. An attacker can redirect a user's browser to an external, attacker-controlled URL by supplying a crafted next parameter, potentially exposing sensitive information such as the original URL...
Jupyter Server has an open redirection vulnerability in `next` query parameter
Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...
GHSA-QH7Q-6QM3-653W Jupyter Server has an open redirection vulnerability in `next` query parameter
Summary The ?next=... URL query parameter has an open redirection vulnerability. In jupyterserver=2.17.0, this URL query parameter allows redirection to arbitrary external domains, which can be exploited to facilitate phishing attacks on server users. Details The vulnerability is caused by...
CVE-2025-61669 jupyter_server next parameter open redirect can redirect users to external domains
Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...
CVE-2026-2153
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153 mwielgoszewski doorman views.py is_safe_url redirect
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
EUVD-2026-5796
A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function issafeurl of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been publicly disclosed a...
CVE-2026-2153
The CVE-2026-2153 entry targets the mwielgoszewski doorman project (up to version 0.6) and affects the is_safe_url function in doorman/users/views.py. The issue arises from manipulating the Next argument, allowing an open redirect. Exploitation is possible remotely, and public disclosure of the e...
doorman 输入验证错误漏洞
Doorman is a configuration manager developed by Marcin Wielgoszewski. Versions of Doorman prior to 0.6 contained a vulnerability related to input validation errors. This vulnerability stemmed from incorrect handling of the parameter “Next” in the file “doorman/users/views.py”, which could lead to...
CVE-2025-60935
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the nexturl parameter in the login endpoint and could lead to phishing or token theft after successful authentication...