CVE-2024-49379

CVSS V2 None CVSS V3 None
Description
Umbrel is a home server OS for self-hosting. The login functionality of Umbrel before version 1.2.2 contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the vulnerability. If a JavaScript URL is passed to the redirect parameter, the attacker-provided JavaScript is executed after the user enters their password and clicks on login. This vulnerability is fixed in 1.2.2.
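A defensive check for the class of bug described above, as an added example that is not Umbrel's code or its 1.2.2 fix: the redirect value is resolved the way a browser would resolve it, then accepted only if it is an http(s) URL on the application's own origin. The function name, the fallback path and the origin `http://umbrel.local` are assumptions made for illustration.

```javascript
// Added example: post-login redirect validation. Not taken from Umbrel's source.
const APP_ORIGIN = 'http://umbrel.local'; // assumed origin serving the login page
const FALLBACK = '/';                      // assumed landing path when a target is rejected

// Returns a same-origin path (path + query + fragment) that is safe to
// navigate to after login, or FALLBACK for anything else.
function safeRedirectTarget(rawRedirect, appOrigin = APP_ORIGIN) {
  if (typeof rawRedirect !== 'string' || rawRedirect === '') return FALLBACK;
  let url;
  try {
    // The WHATWG URL parser strips leading whitespace and embedded tabs and
    // newlines, lowercases the scheme, and treats "\" like "/" for http(s),
    // so obfuscated inputs are judged in the form the browser would use.
    url = new URL(rawRedirect, appOrigin);
  } catch {
    return FALLBACK; // unparseable input
  }
  // Rejects javascript:, data:, vbscript: and every other non-web scheme.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return FALLBACK;
  // Rejects absolute and protocol-relative URLs that point at another host.
  if (url.origin !== new URL(appOrigin).origin) return FALLBACK;
  // Hand back only the local part, so the caller never navigates to a
  // string that still carries a scheme or host.
  return url.pathname + url.search + url.hash;
}

// Constructed sample values for the redirect query parameter.
const samples = [
  '/settings?tab=wifi#top',
  'javascript:alert(1)',
  ' \tJavaScript:alert(1)',
  '//evil.example/x',
  '/\\evil.example/x',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

The login handler would pass the raw query parameter through this function before navigating, instead of assigning the parameter to the location directly.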
Overview
  • CVE ID: CVE-2024-49379
  • Assigner: GitHub_M
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-11-13T17:18:47.547Z
  • Last Modified Date: 2024-11-13T17:18:47.547Z
History
Created Old Value New Value Data Type Notes
2024-11-14 13:22:19 Added to TrackCVE