Описание
ABP Account Module has an Open Redirect through Improper validation in its register function
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.
Пакеты
Наименование
Volo.Abp.Account.Web
nuget
Затронутые версииВерсия исправления
>= 5.1.0, < 10.0.0-rc.2
10.0.0-rc.2
Связанные уязвимости
CVSS3: 5.3
nvd
около 2 месяцев назад
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework >= 5.1.0 and < 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains.