9 matches found
CVE-2025-54066
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...
CVE-2025-54066
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...
CVE-2025-54066 DiracX-Web login page has Open Redirect vulnerability
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...
CVE-2025-54066
DiracX-Web has an Open Redirect vulnerability in versions prior to 0.1.0-a8. The login page’s redirect field accepts an arbitrary URI and is not validated. When combined with parameter pollution, an attacker can cloak a malicious redirect, potentially phishing users and harvesting credentials. Th...
CVE-2025-54066 DiracX-Web login page has Open Redirect vulnerability
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...
CVE-2025-54066 DiracX-Web login page has Open Redirect vulnerability
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...
CVE-2025-54066
creationtimestamp | type | source
---|---|---
2025-07-17 12:47:26+00:00 | published-proof-of-concept | https://github.com/DIRACGrid/diracx-web/security/advisories/GHSA-hfj7-542q-8fvv...
DiracX-Web Input Validation Error Vulnerability
DiracX-Web is an open source user interface for DiracX from the DIRAC Project. An input validation error vulnerability exists in versions of DiracX-Web prior to 0.1.0-a8, which stems from an unvalidated redirect field and could lead to a phishing attack...
PT-2025-29920 · Unknown · Diracx-Web
Name of the Vulnerable Software and Affected Versions: DiracX-Web versions prior to 0.1.0-a8
Description: DiracX-Web is a web application that provides an interface to interact with the DiracX services. An attacker can forge a request to redirect an authenticated user to an arbitrary website. The...