9 matches found

Vulnrichment
added 2026/04/21 11:22 p.m., 2 views

CVE-2026-41126 BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

4.3 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/21 12:0 a.m., 3 views

PT-2026-34217

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 3.0.24. Description: An open redirect exists in the 'bigbluebutton/api/join' endpoint through the logoutURL parameter. This occurs when requests with incorrect checksums are handled improperly, allowing a redirect...

4.3 CVSS | 5.3 AI score | 0.00011 EPSS
Exploits 0 | References 5
OSV
added 2022/08/22 3:15 p.m., 0 views

AZL-10651 CVE-2021-3639 affecting package mod_auth_mellon for versions less than 0.16.0-4

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threa...

6.1 CVSS | 5.7 AI score | 0.00195 EPSS
Exploits 0 | References 1
OSV
added 2022/06/09 4:15 a.m., 1 view

CVE-2022-32195

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 2
Huntr
added 2021/11/01 1:56 p.m., 18 views

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description: Attacker is able to log out a user if a logged-in user visits the attacker's website. Impact: This vulnerability is capable of forcing a user into an unintentional logout. Test: Tested on Edge, Firefox, Chrome and Safari. Fix: You should use POST instead of GET/ANY. To expand: One way GET/ANY could be...

4.3 CVSS | 0.4 AI score | 0.00117 EPSS
Exploits 1
CNVD
added 2017/05/27 12:0 a.m., 1 view

Open Redirect Vulnerability in Multiple Pivotal Products at Login

Pivotal Cloud Foundry (PCF) Runtime, cf-release and others are products of Pivotal Software, Inc. PCF is an open source Platform-as-a-Service (PaaS) cloud computing platform that provides container scheduling, continuous delivery, and automated service deployment. cf-release is a release version of PC...

6.1 CVSS | 6.9 AI score | 0.00197 EPSS
Exploits 0 | References 1
Cvelist
added 2017/05/25 5:0 p.m., 12 views

CVE-2015-3190

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter...

6.2 AI score | 0.00197 EPSS
Exploits 0 | References 1
CVE
added 2017/05/25 5:0 p.m., 41 views

CVE-2015-3190

The CVE-2015-3190 issue affects Cloud Foundry components where the UAA logout link can be used as an open redirect. Affected versions include cf-release v209 or earlier, UAA standalone v2.2.6 or earlier, and Cloud Foundry Runtime v1.4.5 or earlier. The underlying vulnerability allows an attacker ...

6.1 CVSS | 6.1 AI score | 0.00197 EPSS
Exploits 0 | References 1 | Affected Software 3
seebug.org
added 2012/10/02 12:0 a.m., 13 views

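PHPWIND 8.7 Mobile Version CSRF

Brief description: A CSRF vulnerability in the mobile version; because the mobile and desktop versions share cookies, it also affects the desktop version. Details: The mobile version's "log out" link is index.php?a=quit. The post content is written as: imghttp://xxxxxxx/m/index.php?a=quit/img. Anyone who views the post is logged out. Proof of vulnerability: Local testing successfully triggered the logout...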

7.1 AI score
Exploits 0