CVE-2024-46331

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-601
View all →

Vulnerability Description

ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL.

Related Vulnerabilities

CVE-2018-1000504

HIGH
CVSS:7.2(High)

Redirection version 2.7.3 contains a ACE via file inclusion vulnerability in Pass-through mode that can result in allows admins to execute any PHP file in the filesystem. This attack appear to be expl...

CWE-6012018

CVE-2020-26938

HIGH
CVSS:7.2(High)

In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA...

CWE-6012020

CVE-2022-1058

HIGH
CVSS:7.2(High)

Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

CWE-6012022

CVE-2024-46481

HIGH
CVSS:7.2(High)

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

CWE-6012024

CVE-2021-3829

HIGH
CVSS:7.3(High)

openwhyd is vulnerable to URL Redirection to Untrusted Site

CWE-6012021

CVE-2024-28287

HIGH
CVSS:7.3(High)

A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL.

CWE-6012024