exploitDog

CVE-2025-64116

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.

Ссылки

https://github.com/leepeuker/movary/commit/716f703b4464ffdb0365c406f3660d275495769f
Patch
https://github.com/leepeuker/movary/pull/713
Issue Tracking
https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g
Exploit
Third Party Advisory
https://github.com/leepeuker/movary/security/advisories/GHSA-7q72-x26x-7f8g
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leepeuker:movary:*:*:*:*:*:*:*:*

Версия до 0.69.0 (исключая)

EPSS

Процентиль: 13%

0.00043

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-601

EPSS

Процентиль: 13%

0.00043

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-601