CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-40846

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack.

The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3759 – Netgear IGD Unauthenticated Configuration Change Vulnerability

Next Article CVE-2025-1253 – RTI Connext Professional Classic Buffer Overflow

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Xbox handheld leaks in new “Project Kennan” photos from the FCC — plus an ASUS ROG Ally 2 prototype with early specs

OpenAI plays into Elon Musk’s hands, ditching for-profit plan — but Sam Altman doesn’t have Microsoft’s blessing yet

“Are we all doomed?” — Fiverr CEO Micha Kaufman warns that AI is coming for all of our jobs, just as Bill Gates predicted

I went hands-on with dozens of indie games at Gamescom Latam last week — You need to wishlist these 7 titles right now

Mastering Node.js Streams: The Ultimate Guide to Memory-Efficient File Processing

Mastering Node.js Streams: The Ultimate Guide to Memory-Efficient File Processing

Sitecore PowerShell commands – XM Cloud Content Migration

Our Partner Adobe Recognized Again as a DXP Leader

Xbox handheld leaks in new “Project Kennan” photos from the FCC — plus an ASUS ROG Ally 2 prototype with early specs

Xbox handheld leaks in new “Project Kennan” photos from the FCC — plus an ASUS ROG Ally 2 prototype with early specs

OpenAI plays into Elon Musk’s hands, ditching for-profit plan — but Sam Altman doesn’t have Microsoft’s blessing yet

“Are we all doomed?” — Fiverr CEO Micha Kaufman warns that AI is coming for all of our jobs, just as Bill Gates predicted

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Technological Advances that Challenged Visual Art

OnPageSEO.ai – AI SEO Chrome Extension

WordPress Plugins Hit by Supply Chain Attack: Update Now!

How to auto scroll Appium Server Console log at bottom

Structurally Flexible Neural Networks: An AI Approach to Solve a Symmetric Dilemma for Optimizing Units and Shared Parameters

Have you used Cash App in the last 6 years? You might be eligible for $2,500

Android studio emulator problem

Introduction to Usability and UX in Universal Design â€“ 1

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Related Posts