An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.gruppotim.it/it/footer/red-team.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-21T00:00:00
Updated: 2024-08-03T14:09:56.632Z
Reserved: 2022-11-11T00:00:00
Link: CVE-2022-45169
Vulnrichment
Updated: 2024-08-03T14:09:56.632Z
NVD
Status : Analyzed
Published: 2024-02-21T16:15:49.060
Modified: 2024-04-01T15:52:55.667
Link: CVE-2022-45169
Redhat
No data.