| शीर्षक | busyorg busy <=2.5.5 Open Redirect |
|---|
| विवरण | An Open redirection vulnerability discovered at the endpoint /callback of the latest version (v2.5.5), which arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain |
|---|
| स्रोत | ⚠️ https://github.com/busyorg/busy/issues/2287 |
|---|
| उपयोगकर्ता | ZAST.AI (UID 87884) |
|---|
| सबमिशन | 06/02/2026 09:22 AM (4 महीनों पहले) |
|---|
| संयम | 18/02/2026 09:01 PM (12 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 346661 [busy तक 2.5.5 Callback app.js state Redirect] |
|---|
| अंक | 20 |
|---|