Unrated severity · NVD Advisory · Published Dec 16, 2024 · Updated Dec 17, 2024

CVE-2024-55452

Description

A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to an arbitrary untrusted domain, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage.

Affected products

  • Ujcms/Ujcms (cpe-rescue, 2 versions)
    • (no CPE)
    • (no CPE), range: =9.6.3
