VYPR

NuGet package

volo.abp.account.web

pkg:nuget/volo.abp.account.web

Vulnerabilities (1)

  • CVE-2025-65581Dec 16, 2025
    affected >= 5.1.0, < 10.0.0-rc.2fixed 10.0.0-rc.2

    An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.