An issue was discovered in LIVEBOX Collaboration vDesk...
Moderate severity
Unreviewed
Published Feb 21, 2024 to the GitHub Advisory Database. Updated Mar 29, 2024.
Description
Published by the National Vulnerability Database: Feb 21, 2024
An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link.