CVE-2024-55452

Source
https://cve.org/CVERecord?id=CVE-2024-55452
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55452.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-55452
Published
2024-12-16T23:15:06.817Z
Modified
2026-04-10T05:18:35.174315Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A URL redirection (open redirect) vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs when uploading and rendering new block / carousel items. An authenticated attacker can store an arbitrary, attacker-controlled URL as the link of a block item, and the application renders it without checking that it points back to the site. When another authenticated user clicks the malicious block item, they are redirected to the untrusted domain, where a crafted page can be used to steal sensitive tokens such as JSON Web Tokens. The CVSS vector reflects this: low privileges (PR:L) for the attacker, user interaction (UI:R) from the victim, and changed scope (S:C) because the impact lands on a user of a different site.
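
The defect described above is that a user-supplied link is stored and rendered as-is. The following is an added example, not code from UJCMS or from the advisory, written in Python rather than the project's Java so the check can be run stand-alone. It contrasts the vulnerable "store whatever was submitted" pattern with a same-origin allow-list validator, and shows the render-time fallback that neutralises an item whose link fails the check. The host `cms.example.com`, the function names, and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts that a block / carousel item is allowed to link to.
# Constructed for this example; a real deployment would load this from configuration.
ALLOWED_HOSTS = {"cms.example.com"}


def vulnerable_store_link(url: str) -> str:
    """The pattern behind the advisory: the editor-supplied URL is persisted unchanged,
    so "https://attacker.example.net/" is rendered as a clickable item."""
    return url.strip()


def is_safe_link(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only for root-relative paths or absolute http(s) URLs whose host
    is explicitly allow-listed. Everything else (other schemes, scheme-relative
    URLs, userinfo tricks, look-alike hosts) is rejected."""
    if not url:
        return False
    # Control characters and whitespace are rejected outright: browsers strip some
    # of them before parsing, so "java\tscript:" would defeat a naive prefix check.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return False
    # Browsers treat "\" as "/", so "/\evil.example.net" is really "//evil.example.net".
    if "\\" in url:
        return False

    parts = urlsplit(url)

    if parts.scheme == "" and parts.netloc == "":
        # Relative URL: require a path under the site root and exclude the
        # scheme-relative "//host" form (urlsplit puts that host in netloc anyway).
        return url.startswith("/") and not url.startswith("//")

    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, vbscript:, ...

    # hostname is lower-cased and has userinfo and port removed; it is None for
    # malformed authorities such as "https:///evil.example.net".
    host = parts.hostname
    if host is None:
        return False
    # "https://cms.example.com@evil.example.net/" parses with username "cms.example.com";
    # reject any userinfo rather than trusting what appears before "@".
    if parts.username is not None or parts.password is not None:
        return False
    # Exact match only: "cms.example.com.evil.example.net" must not pass.
    return host in allowed_hosts


def safe_store_link(url: str) -> str:
    """Save-time check: refuse to persist a link that is not same-origin."""
    url = url.strip()
    if not is_safe_link(url):
        raise ValueError(f"refusing to store off-site or non-http link: {url!r}")
    return url


def render_block_href(stored_url: str) -> str:
    """Render-time check, so items stored before the fix cannot redirect either.
    Unsafe links are replaced with "#" so the item is inert instead of removed."""
    return stored_url if is_safe_link(stored_url) else "#"


if __name__ == "__main__":
    samples = [
        "/news/1",
        "https://cms.example.com/page?id=1",
        "https://evil.example.net/steal",
        "//evil.example.net/steal",
        "javascript:alert(document.cookie)",
        "https://cms.example.com@evil.example.net/",
    ]
    for s in samples:
        print(f"{s!r:50} vulnerable={vulnerable_store_link(s)!r:45} safe={render_block_href(s)!r}")
```

Applying the check at both save time and render time matters: a validator added only on the upload path leaves previously stored malicious items live, while the render-time fallback neutralises them as well.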

References

Affected packages

Git / github.com/dromara/ujcms

Affected ranges

Type
GIT
Repo
https://github.com/dromara/ujcms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
9.6.3
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.6.3"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v3.*
v3.0.0
v3.0.1
v3.1.0
v4.*
v4.1.1
v4.1.2
v4.1.3
v5.*
v5.5.1
v5.5.2
v6.*
v6.0.2
v7.*
v7.0.0
v7.0.1
v7.0.2
v7.0.3
v7.0.4
v8.*
v8.0.2
v9.*
v9.0.3
v9.0.4
v9.0.5
v9.1.0
v9.1.1
v9.1.4
v9.5.0
v9.5.1
v9.6.0
v9.6.1
v9.6.2
v9.6.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55452.json"