Metrics
Affected Vendors & Products
Fri, 05 Sep 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Habitica
Habitica habitica |
|
CPEs | cpe:2.3:a:habitica:habitica:*:*:*:*:*:*:*:* | |
Vendors & Products |
Habitica
Habitica habitica |
|
Metrics |
cvssV3_1
|
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 11 Dec 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim’s account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch. | |
Title | GHSL-2024-110: Reflected XSS in /register in habitica | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-12-12T15:55:37.199Z
Reserved: 2024-11-19T20:08:14.482Z
Link: CVE-2024-53273

Updated: 2024-12-12T15:55:33.365Z

Status : Analyzed
Published: 2024-12-12T02:15:28.813
Modified: 2025-09-05T21:38:01.310
Link: CVE-2024-53273

No data.

No data.