CVE-2024-1240

MEDIUM Year: 2024
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.

Related Vulnerabilities

CVE-2021-1218

MEDIUM
CVSS:4.6(Medium)

A vulnerability in the web management interface of Cisco Smart Software Manager satellite could allow an authenticated, remote attacker to redirect a user to an undesired web page. The vulnerability i...

CWE-6012021

CVE-2021-20534

MEDIUM
CVSS:4.5(Medium)

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remot...

CWE-6012021

CVE-2025-21401

MEDIUM
CVSS:4.5(Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6012025

CVE-2012-0518

MEDIUM
CVSS:4.7(Medium)

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Re...

CWE-6012012

CVE-2017-6932

MEDIUM
CVSS:4.7(Medium)

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. Th...

CWE-6012017

CVE-2019-15974

MEDIUM
CVSS:4.7(Medium)

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to...

CWE-6012019