13 matches found
CVE-2025-64716
A flaw was found in Anubis. This vulnerability allows cross-site scripting XSS via an unvalidated redirect parameter when using subrequest authentication mode...
CVE-2025-64716
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
EUVD-2025-150356
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716
CVE-2025-64716 affects the Anubis Web AI Firewall Utility. Prior to version 1.23.0, the subrequest authentication flow did not validate the redirect URL, allowing redirects to arbitrary URL schemes and potentially triggering dangerous behavior (e.g., XSS via redirect parameters) in some contexts....
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most...
PT-2025-46775
Name of the Vulnerable Software and Affected Versions Anubis versions prior to 1.23.0 Description Anubis, a Web AI Firewall Utility designed to protect upstream resources from scraper bots, had a flaw in its subrequest authentication process. Before version 1.23.0, the software did not validate t...
GO-2025-4086 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode in github.com/TecharoHQ/anubis
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode in github.com/TecharoHQ/anubis...
EUVD-2025-37036
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode...
GHSA-CF57-C578-7JVV Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Summary When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the redir parameter when using subrequest authentication mode. An attacker can cause users to be redirected to arbitrary URLs by supplying crafted values to the redir parameter, potentially triggering dangerous...
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode
Summary When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...