CVE-2024-25559

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...

CVE-2024-25559

CVE-2024-25559 affects a-blog cms versions 3.1.0 through 3.1.8.1 The vulnerability is a URL spoofing issue that can force the administrator to visit an arbitrary website when clicking a link in the audit log, triggered by a specially crafted request. The root cause is exposure of trusted navigati...