CVE-2024-25559

Published: Feb 15, 2024Modified: May 13, 2025

4.7

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.

Affected (1)

Products: Appleple: A Blog Cms

Appleple

1 product

A Blog Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Appleple A Blog Cms	From 3.1.0 to 3.1.8

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

https://developer.a-blogcms.jp/blog/news/JVN-48966481.html

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN48966481/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://developer.a-blogcms.jp/blog/news/JVN-48966481.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/jp/JVN48966481/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.