URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.
Metrics
Affected Vendors & Products
References
History
Fri, 01 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-601 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2024-02-15T04:32:37.608Z
Updated: 2024-11-01T20:52:44.326Z
Reserved: 2024-02-08T01:35:27.596Z
Link: CVE-2024-25559
Vulnrichment
Updated: 2024-08-01T23:44:09.680Z
NVD
Status : Awaiting Analysis
Published: 2024-02-15T05:15:10.870
Modified: 2024-11-21T09:00:59.190
Link: CVE-2024-25559
Redhat
No data.