Submit #636360: TOTVS Portal Meu RH 12.1.17 Open Redirect combined with phishing in password reset

Title: TOTVS Portal Meu RH 12.1.17 Open Redirect combined with phishing in password reset
Description: An Open Redirect vulnerability in the password recovery flow of the TOTVS Meu RH Portal platform allows attackers to manipulate the redirectUrl parameter, causing the application to send legitimate emails that redirect users to malicious external domains, enabling highly convincing phishing attacks.
Source: ⚠️ https://drive.google.com/file/d/1iorjSJ8gh3hTDZUy1fHyV-TJXFP43yIo/view?usp=sharing
User: Trenshyiavv (UID 86876)
Submission: 17/08/2025 04:54 (10 months ago)
Moderation: 19/08/2025 19:14 (3 days later)
Status: Accepted
VulDB entry: 320579 [TOTVS Portal Meu RH up to 12.1.17 Password Reset redirectUrl Redirect]
Points: 17
