CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-40846

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross site scripting attack.

The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3759 – Netgear IGD Unauthenticated Configuration Change Vulnerability

Next Article CVE-2025-1253 – RTI Connext Professional Classic Buffer Overflow

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CVE-2025-48366 – Group-Office Stored Blind XSS Vulnerability

CVE-2025-52487 – DNN Bypass Login IP Filter Vulnerability

Paragon Commercial Spyware Infects Prominent Journalists

Exploring the funnier side of Microsoft as it celebrates its 50th anniversary with some of the best memes

Orange Pi RV2 Single Board Computer Running Linux: orangepi-config

“The Chinese player base is the holy grail”: Tencent buys 15.75% stake in Helldivers 2 dev Arrowhead as huge profit numbers emerge

CodeSOD: Conventional Events

How Deutsche Bahn redefines forecasting using Chronos models – Now available on Amazon Bedrock Marketplace

CVE-2025-40846 – Halo Open Redirect and Cross Site Scripting Vulnerability

Related Posts