Vulnerability DatabaseCVE-2023-49281
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-49281
December 01, 2023
Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability.
Related ResourcesĀ (4)
https://github.com/Cainor/Calendarinho/commit/9a0174bef939565a76cbe7762996ecddca9ba55e
https://github.com/Cainor/Calendarinho/security/advisories/GHSA-g2gp-x888-6xrj
https://github.com/Cainor/Calendarinho/commit/c77defeb0103c1f7a4709799b8751aaeb0d09eed
https://github.com/Cainor/Calendarinho/commit/15b2393efd69101727d27a4e710880ce46e84d70
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601
EPSS
Base Score:
0.16