Medium severity6.1NVD Advisory· Published Apr 27, 2021· Updated Jun 17, 2026
CVE-2020-21998
CVE-2020-21998
Description
In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- HomeAutomation/HomeAutomationdescription
- Range: <3.3.2
Patches
Vulnerability mechanics
References
2- cxsecurity.com/issue/WLB-2019120132nvdExploitThird Party Advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5559.phpnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.