CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-40846

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack.

The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3759 – Netgear IGD Unauthenticated Configuration Change Vulnerability

Next Article CVE-2025-1253 – RTI Connext Professional Classic Buffer Overflow

Highlights

CVE-2025-4530 – Feng Ha Ha Megagao SSM-ERP/Production SSM Path Traversal Vulnerability

May 11, 2025

CVE ID : CVE-2025-4530

Published : May 11, 2025, 5:15 a.m. | 1 hour, 23 minutes ago

Description : A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java of the component File Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Computex

DOOM: The Dark Ages gets Path Tracing update in June, bringing better visuals for PC players

Early Memorial Day deals are LIVE on Windows PCs, gaming accessories, and more — 6 hand-picked discounts on our favorites

Microsoft open sources the Windows Subsystem for Linux — invites developers to help more seamlessly integrate Linux with Windows

How JavaScript’s at() method makes array indexing easier

How JavaScript’s at() method makes array indexing easier

Motherhood and Career Balance in Tech: Stories from Perficient LATAM

ES6: Set Vs Array- What and When?

Computex

Computex

DOOM: The Dark Ages gets Path Tracing update in June, bringing better visuals for PC players

Early Memorial Day deals are LIVE on Windows PCs, gaming accessories, and more — 6 hand-picked discounts on our favorites

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

Like Roborock, Dreame is also working on a mechanical arm for its robot vacuums

str0m is a Sans I/O WebRTC implementation

Artifacts: Jump Lists

CVE-2025-4530 – Feng Ha Ha Megagao SSM-ERP/Production SSM Path Traversal Vulnerability

React Server Components Explained: The Future of High-Performance React Apps?

SteamOS

Drawing – simple image editor

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Related Posts