CVE-2024-24764

CVSS v3 Score
4.8
Medium

Vulnerability Description

October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.

CVSS:4.8(Medium)

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

CVSS:4.8(Medium)

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a ...

CVSS:4.8(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open red...

CVSS:4.8(Medium)

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted r...

CVSS:4.8(Medium)

In JetBrains TeamCity before 2023.05, an open redirect during OAuth configuration was possible.

CVSS:4.8(Medium)

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.