NuGet package
volo.abp.account.web
pkg:nuget/volo.abp.account.web
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-65581 | — | >= 5.1.0, < 10.0.0-rc.2 | 10.0.0-rc.2 | Dec 16, 2025 | An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains. |
- CVE-2025-65581Dec 16, 2025affected >= 5.1.0, < 10.0.0-rc.2fixed 10.0.0-rc.2
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.