Security Advisory

CVE-2022-45169

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-21 00:00:00

Last updated 2024-10-30 13:45:09

Assigner mitre

State PUBLISHED

Description

An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.

← Browse all CVEs View on cve.org ↗