Mend Vulnerability Database
Date: June 22, 2022
Overview
habitica versions v4.119.0 through v4.232.2 are vulnerable to an open redirect via the login page.

Details
habitica versions v4.119.0 through v4.232.2 are vulnerable to an open redirect via the login page. The login URL accepts a redirect target in its redirectTo query parameter, and after a successful login the user is sent to that attacker-chosen URL instead of being restricted to a page on the application's own origin.

PoC Details
Open the login page with an attacker-controlled redirect target (on a local instance, typically http://localhost:8080/login?redirectTo=http%3A%2F%2Fevil.com) and log in as a valid user. After the login succeeds, the browser is redirected to the attacker's site (http://evil.com in this example). Because the redirect only fires after a legitimate login, the attacker has to get a victim to follow the crafted link, for example by phishing; this is why the CVSS metrics below list User Interaction as Required while Privileges Required is None.
Affected Environments
habitica versions v4.119.0 through v4.232.2

Prevention
Upgrade to habitica version v4.233.0.
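The following is an added illustration of the redirect pattern described above, not habitica's own code and not the fix shipped in v4.233.0. It contrasts a handler that forwards the redirectTo value unchanged with a hardened handler that only accepts a same-origin relative path, using Node's built-in WHATWG URL parser. The function names and the origin https://habitica.example are assumptions for the example; the crafted login URL is the one from the PoC.

```javascript
// Added example, not habitica's code: vulnerable vs. hardened post-login redirect.
// Runs on Node.js (URL and URLSearchParams are globals).

// Vulnerable pattern: the client-supplied ?redirectTo= value is used verbatim
// as the post-login destination, so http://evil.com is followed as-is.
function vulnerableRedirectTarget(redirectTo) {
  return redirectTo || '/';
}

// Hardened pattern: accept only a relative path on our own origin.
// Absolute URLs, protocol-relative //host, backslash variants, scheme strings
// (javascript:, data:) and control characters all fall back to the app root.
function safeRedirectTarget(redirectTo, fallback = '/') {
  if (typeof redirectTo !== 'string' || redirectTo.length === 0) return fallback;

  // Must begin with exactly one forward slash: "/" but not "//evil.com" or "/\evil.com"
  // (browsers treat a leading backslash pair like "//").
  if (!redirectTo.startsWith('/') || redirectTo.startsWith('//') || redirectTo.startsWith('/\\')) {
    return fallback;
  }

  // Control characters and whitespace are stripped or reinterpreted by URL parsers;
  // refuse them outright rather than reasoning about parser quirks.
  if (/[\u0000-\u001f\s]/.test(redirectTo)) return fallback;

  // Final defence: resolve against a fixed origin (assumed for the example) and
  // confirm the parser kept us on that origin, then re-emit only path/query/fragment.
  const base = 'https://habitica.example';
  let parsed;
  try {
    parsed = new URL(redirectTo, base);
  } catch (e) {
    return fallback;
  }
  if (parsed.origin !== base) return fallback;
  return parsed.pathname + parsed.search + parsed.hash;
}

// Pull redirectTo out of a full login URL exactly as the PoC supplies it
// (URL-encoded in the query string) and hand it to the chosen handler.
function redirectFromLoginUrl(loginUrl, handler) {
  const { searchParams } = new URL(loginUrl);
  return handler(searchParams.get('redirectTo'));
}

// Stand-alone demonstration with the PoC URL from this advisory.
const pocLoginUrl = 'http://localhost:8080/login?redirectTo=http%3A%2F%2Fevil.com';
console.log('vulnerable ->', redirectFromLoginUrl(pocLoginUrl, vulnerableRedirectTarget));
console.log('hardened   ->', redirectFromLoginUrl(pocLoginUrl, safeRedirectTarget));
console.log('legit path ->', safeRedirectTarget('/tasks?tab=1#top'));

module.exports = { vulnerableRedirectTarget, safeRedirectTarget, redirectFromLoginUrl };
```

An allow-list of relative paths is the usual fix for this class of bug; checking for a leading "/" alone is not enough, because "//evil.com" and "/\evil.com" both resolve to another host in browsers, which is why the hardened version layers a prefix check, a character check and a parse-and-compare-origin check.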
Good to know (CVSS base metrics):
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required