| Title | Horilla CRM < 1.0.3 Open Redirect |
|---|---|
| Description | An Open Redirect vulnerability exists in Horilla CRM versions prior to 1.0.3. The issue resides in the global search functionality at the `/generics/search/` endpoint, where the application improperly trusts and utilizes the user-supplied `prev_url` query parameter to determine the redirection destination.<br>Suggested CVSS 3.1: Medium 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N<br>Fix commit: https://github.com/horilla-opensource/horilla-crm/commit/730b5a44ff060916780c44a4bdbc8ced70a2cd27<br>Patched Version (1.0.3): https://github.com/horilla-opensource/horilla-crm/releases/tag/1.0.3 |
| Source | ⚠️ https://github.com/Stolichnayer/Horilla-CRM-Open-Redirect |
| User | alexperrakis (UID 85369) |
| Submission | 12/02/2026 06:24 PM (4 months ago) |
| Moderation | 23/02/2026 06:42 PM (11 days later) |
| Status | Accepted |
| VulDB entry | 347407 [horilla-opensource horilla up to 1.0.2 Query Parameter global_search.py get prev_url Redirect] |
| Points | 20 |