VYPR
Unrated severityNVD Advisory· Published Feb 21, 2024· Updated Oct 30, 2024

CVE-2022-45169

CVE-2022-45169

Description

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • LIVEBOX Collaboration/vDeskdescription
  • LIVEBOX/vDeskllm-fuzzy
    Range: <= v031

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.